Hi!
I've got a problem with preconfigured server (Apache 1.3/MySQL 3/PHP 4):
Files and directories created by a PHP script are always owned by the apache
user and apache group. But the script itself is inside of a virtualhost
which has another user and group (web2 / ftponly)!
So in fact the
I've got a problem with preconfigured server (Apache 1.3/MySQL 3/PHP 4):
Files and directories created by a PHP script are always owned by the
apache
user and apache group. But the script itself is inside of a virtualhost
which has another user and group (web2 / ftponly)!
So in fact the
Cpt John W. Holmes wrote:
So in fact the script has to run with the rights of the user web2??
Perhaps
it does, but files/dirs are create with owner apache.
PHP runs as a module inside of apache, so any files it creates are owned
by the Apache user. That's the way it works.
If you run
* Thus wrote Joachim ([EMAIL PROTECTED]):
Cpt John W. Holmes wrote:
So in fact the script has to run with the rights of the user
web2??
Perhaps
it does, but files/dirs are create with owner apache.
PHP runs as a module inside of apache, so any files it creates
are owned by the
Curt Zirzow wrote:
This way, it seems to me like security hole, because I have to
use 0777 while creating, then everybody could do everything with
the files. Well, there is the open_basedir setting, put then,
what's about other user doing other things (not PHP)?
Yes that is a big
* Thus wrote Joachim ([EMAIL PROTECTED]):
Curt Zirzow wrote:
This way, it seems to me like security hole, because I have to
use 0777 while creating, then everybody could do everything with
the files. Well, there is the open_basedir setting, put then,
what's about other user doing other
Curt Zirzow wrote:
* Thus wrote Joachim ([EMAIL PROTECTED]):
Yes that is a big security hole. There are some hosting solutions,
I cant really help you there, but this concept I think should work
would be:
[...]
user/group: $virtualuser/apache
Hmm, well. It may be more secure, but
7 matches
Mail list logo