Re: [PHP] Owner or other; permissions for webpage users

2010-02-11 Thread Ashley Sheridan
On Thu, 2010-02-11 at 17:01 +1100, clanc...@cybec.com.au wrote:

> On Wed, 10 Feb 2010 16:08:42 +1030, james.mcl...@gmail.com (James McLean) wrote:
> 
> >On Wed, Feb 10, 2010 at 2:51 PM,   wrote:
> >> I'm basically familiar with the UNIX permissions - 'owner', 'group', or 'other', but I
> >> have no real idea how these apply to webpage users under PHP. I know that if I FTP to the
> >> server I am the owner, and I think that if I, or anyone else, opens one of my webpages I
> >> am 'other'.
> >
> >Almost right. It's UGO, User Group and Other.
> >
> >When you view a PHP page, it's (usually) served by Apache, the process
> >will be owned by a user, usually 'apache'; who is also a member of a
> >group, usually 'apache'. On some systems these users/groups can be
> >'httpd', 'www-data' etc. When you or I look at a PHP file served from
> >Apache, there is no concept of users/groups/others outside those that
> >apply to the Apache process that served the data.
> >
> >> However what I would like to do is assign certain users, who have logged in through a
> >> security portal, to 'group', so that they (but not 'others') have permission to write to
> >> data files on the site.
> >
> >It's a separate thing, because once again inside PHP there is no
> >concept of users/groups outside the Apache process itself. It would be
> >up to your PHP code to manage who has access to what, the files will
> >all be read from and written to disk by the Apache process.
> 
> Thanks. So it is as I feared, and if I want any file to be editable under any
> circumstances, I have to give write access to 'others'.
> 
> It is a little surprising that PHP has not made any provision for manipulating users' write
> permissions, as this could provide a little extra protection from malicious users.
> 
> 


You can manipulate users' write permissions if you're the owner of a
file, but what you're asking is to manipulate the user under which PHP
is running dynamically. As users and permissions are so integral to the
safe working of the system, this would be no easy feat for something
that you should be easily able to tackle with some PHP ingenuity.

Thanks,
Ash
http://www.ashleysheridan.co.uk
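
The approach discussed in this thread, as an added example that is not part of any poster's message: the operating system only ever sees the web server account, so the PHP code decides who may write, and the data file stays closed to 'other'. `EDITORS`, `process_identity()` and `save_data()` are hypothetical names, the logins are constructed, and on a real site `$login` would come from the portal's session.

```php
<?php
declare(strict_types=1);

// Hypothetical application roles: kept by the site, unknown to the OS.
const EDITORS = ['alice', 'bob'];

// The account the kernel sees for every visitor (e.g. 'apache', 'www-data').
function process_identity(): string
{
    if (!function_exists('posix_geteuid')) {
        return 'unknown (posix extension not loaded)';
    }
    $pw = posix_getpwuid(posix_geteuid());
    return $pw !== false ? $pw['name'] : (string) posix_geteuid();
}

// Write $data to $dir/$file only when the portal login is an editor.
// Assumption: on a real site $login is read from the session after login.
function save_data(string $dir, string $file, string $data, ?string $login): bool
{
    // 1. Authorisation happens here, in PHP, not in the file mode bits.
    if ($login === null || !in_array($login, EDITORS, true)) {
        return false;
    }
    // 2. Plain file names only, so a request cannot point outside $dir.
    if (preg_match('/\A[A-Za-z0-9_-]+\.txt\z/', $file) !== 1) {
        return false;
    }
    // 3. The web server account performs the write and owns the file.
    $path = $dir . '/' . $file;
    if (file_put_contents($path, $data, LOCK_EX) === false) {
        return false;
    }
    // Owner and group may read and write; 'other' gets no access at all.
    return chmod($path, 0660);
}

// Constructed demo: a scratch directory stands in for the site's data dir.
$dir = sys_get_temp_dir() . '/data_demo_' . getmypid();
mkdir($dir, 0770);
echo 'PHP is running as: ', process_identity(), PHP_EOL;
foreach (['alice', 'mallory', null] as $login) {
    $who = $login ?? 'anonymous';
    $ok = save_data($dir, 'notes.txt', "edited by $who\n", $login);
    printf("%-9s -> %s\n", $who, $ok ? 'written' : 'refused');
}
printf("notes.txt mode: %o\n", fileperms($dir . '/notes.txt') & 0777);
```

The process identity printed is the same whichever login is passed in; only the check inside `save_data()` separates an editor from anyone else.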




Re: [PHP] Owner or other; permissions for webpage users

2010-02-10 Thread clancy_1
On Wed, 10 Feb 2010 16:08:42 +1030, james.mcl...@gmail.com (James McLean) wrote:

>On Wed, Feb 10, 2010 at 2:51 PM,   wrote:
>> I'm basically familiar with the UNIX permissions - 'owner', 'group', or 'other', but I
>> have no real idea how these apply to webpage users under PHP. I know that if I FTP to the
>> server I am the owner, and I think that if I, or anyone else, opens one of my webpages I
>> am 'other'.
>
>Almost right. It's UGO, User Group and Other.
>
>When you view a PHP page, it's (usually) served by Apache, the process
>will be owned by a user, usually 'apache'; who is also a member of a
>group, usually 'apache'. On some systems these users/groups can be
>'httpd', 'www-data' etc. When you or I look at a PHP file served from
>Apache, there is no concept of users/groups/others outside those that
>apply to the Apache process that served the data.
>
>> However what I would like to do is assign certain users, who have logged in through a
>> security portal, to 'group', so that they (but not 'others') have permission to write to
>> data files on the site.
>
>It's a separate thing, because once again inside PHP there is no
>concept of users/groups outside the Apache process itself. It would be
>up to your PHP code to manage who has access to what, the files will
>all be read from and written to disk by the Apache process.

Thanks. So it is as I feared, and if I want any file to be editable under any
circumstances, I have to give write access to 'others'.

It is a little surprising that PHP has not made any provision for manipulating users' write
permissions, as this could provide a little extra protection from malicious users.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Owner or other; permissions for webpage users

2010-02-09 Thread James McLean
On Wed, Feb 10, 2010 at 2:51 PM,   wrote:
> I'm basically familiar with the UNIX permissions - 'owner', 'group', or 'other', but I
> have no real idea how these apply to webpage users under PHP. I know that if I FTP to the
> server I am the owner, and I think that if I, or anyone else, opens one of my webpages I
> am 'other'.

Almost right. It's UGO, User Group and Other.

When you view a PHP page, it's (usually) served by Apache, the process
will be owned by a user, usually 'apache'; who is also a member of a
group, usually 'apache'. On some systems these users/groups can be
'httpd', 'www-data' etc. When you or I look at a PHP file served from
Apache, there is no concept of users/groups/others outside those that
apply to the Apache process that served the data.

> However what I would like to do is assign certain users, who have logged in through a
> security portal, to 'group', so that they (but not 'others') have permission to write to
> data files on the site.

It's a separate thing, because once again inside PHP there is no
concept of users/groups outside the Apache process itself. It would be
up to your PHP code to manage who has access to what, the files will
all be read from and written to disk by the Apache process.

HTH.

Cheers




Re: [PHP] owner of files created by fopen() become wrong?

2005-09-06 Thread Robin Vickery
On 9/6/05, Wong HoWang <[EMAIL PROTECTED]> wrote:
> I have set up a VirtualHost for the domain that has the problem. Since
> I am using Apache/1.3.33, I have set the User & Group inside & outside the
> <VirtualHost> ... </VirtualHost> tags. As you know, the user & group
> set outside VirtualHost will be the user & group that the main server runs
> with. And the one inside will be used for that domain only.

Only for CGI requests. 

If you've configured PHP as an Apache module, it should still run as
the user that you specified in the main User directive.

http://httpd.apache.org/docs/1.3/mod/core.html#user

(read the "special note")

  -robin




Re: [PHP] Owner

2002-09-26 Thread Paul Roberts

the list as replies asking you to confirm your email before allowing the post, this 
was brought in to stop people spamming the lists.

so to post you need a subscribed email or a confirmed email.

Paul Roberts

- Original Message - 
From: "Justin French" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, September 26, 2002 1:22 PM
Subject: Re: [PHP] Owner


Why can't you post to the newsgroup with [EMAIL PROTECTED]

(not that I've tried)

Justin


on 26/09/02 4:38 PM, John Taylor-Johnston ([EMAIL PROTECTED])
wrote:

> Justin,
> 
>> Best advice is to post strictly to the newsgroup with a dud email address,
> 
> Unfortunately, that doesn't work. I had a hotmail address, but not acceptable.
> Someone did not put it on the "accepted" list. Someone back there needs to
> accept that address to allow that poster to post when using
> news://news.php.net/php.general. Been through that. That's what I want to do
> now. Who is he? I would like to work something out with him.
> 
>> filter out anything to that address which doesn't have [PHP] in the subject
> 
> I've been filtering :)
> 
>> Using 'nospam' in your address prolly doesn't help as much as it used to,
> 
> True, but I could work around that too, when I talk with the chap in charge :)
> 
>> Fun huh?
> 
> Giggle loads :p
> 
> Thanks,
> John
> 
> 






Re: [PHP] Owner

2002-09-26 Thread Justin French

Why can't you post to the newsgroup with [EMAIL PROTECTED]

(not that I've tried)

Justin


on 26/09/02 4:38 PM, John Taylor-Johnston ([EMAIL PROTECTED])
wrote:

> Justin,
> 
>> Best advice is to post strictly to the newsgroup with a dud email address,
> 
> Unfortunately, that doesn't work. I had a hotmail address, but not acceptable.
> Someone did not put it on the "accepted" list. Someone back there needs to
> accept that address to allow that poster to post when using
> news://news.php.net/php.general. Been through that. That's what I want to do
> now. Who is he? I would like to work something out with him.
> 
>> filter out anything to that address which doesn't have [PHP] in the subject
> 
> I've been filtering :)
> 
>> Using 'nospam' in your address prolly doesn't help as much as it used to,
> 
> True, but I could work around that too, when I talk with the chap in charge :)
> 
>> Fun huh?
> 
> Giggle loads :p
> 
> Thanks,
> John
> 
> 






Re: [PHP] Owner

2002-09-25 Thread John Taylor-Johnston

Justin,

> Best advice is to post strictly to the newsgroup with a dud email address,

Unfortunately, that doesn't work. I had a hotmail address, but not acceptable. Someone 
did not put it on the "accepted" list. Someone back there needs to accept that address 
to allow that poster to post when using news://news.php.net/php.general. Been through 
that. That's what I want to do now. Who is he? I would like to work something out with 
him.

> filter out anything to that address which doesn't have [PHP] in the subject

I've been filtering :)

> Using 'nospam' in your address prolly doesn't help as much as it used to,

True, but I could work around that too, when I talk with the chap in charge :)

> Fun huh?

Giggle loads :p

Thanks,
John







Re: [PHP] Owner

2002-09-25 Thread Justin French

The problem is NOT the list, but the services like marc that archive the
list's activities... this means your email address sits there in plain view
on MANY web pages for bots to find.

Best advice is to post strictly to the newsgroup with a dud email address,
or use a specific email address for your activities on the PHP list, and
filter out anything to that address which doesn't have [PHP] in the subject
line, which is what I plan to do soon.

Using 'nospam' in your address prolly doesn't help as much as it used to,
because it's common practice these days, hence spiders probably attempt to
parse it out.

Your spam may be originating from somewhere entirely different from the PHP
list... if your address is on ANY web page accessed via GET (URL, not POST),
it's within reach of the spiders...

Fun huh?


Justin






on 26/09/02 3:30 PM, John Taylor-Johnston ([EMAIL PROTECTED])
wrote:

> Hi,
> 
> Who is the forum's owner?
> 
> I want to post questions using [EMAIL PROTECTED] and
> [EMAIL PROTECTED] in my from: and reply-to:
> 
> I post infrequently to this list using news://news.php.net/php.general NOT
> [EMAIL PROTECTED]
> This is about the only list I post to. I've been receiving a lot of spam from
> Korea lately and want to put a stop to it, or at least slow it down.
> 
> John
> 

