Hi Drew,

Drew A. Withers wrote:
>> That said, I have a similar "squash" in effect on my end. Accesses by
>> root on the NFS client map to UID -1 on the server -- so as long as all
>> the files involved are world-readable (as they should be) you should be
>> fine (as I'm currently looking through my homedir as root...but can't
>> open my .mail file.
>
> It is true that suphp has no problem when the php file in question is
> world-readable, but we don't want all php files to be world readable.
> That doesn't make much sense.

You might be interested in the setfsuid() and setresuid() system calls.
Something like setresuid(-1, unprivileged_uid, 0) before and something
like setresuid(-1, 0, -1) after the check code might work for you. Of
course, then unprivileged_uid has to be a uid that can at least stat()
the script files and directories (the webserver uid might be a good
choice for that).

However, I have not thought about any security issues this might cause,
so you should check whether this works in a safe manner before
implementing it.

Regards
Sebastian

_______________________________________________
suPHP mailing list
[email protected]
http://lists.marsching.biz/mailman/listinfo/suphp
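The temporary effective-UID switch suggested in the reply above, as an added example that is not part of the original message and is not suPHP code. The helper name `stat_as_uid` is hypothetical, and it generalizes the suggestion by restoring whatever effective UID the caller started with rather than hard-coding 0.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* glibc only declares setresuid() under _GNU_SOURCE; repeating the
 * prototype keeps the example building if headers were included earlier. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);

/* Hypothetical helper: stat() `path` with the effective UID switched to
 * `check_uid`, then switch back. Returns 0 on success, -1 with errno set.
 * Assumption: group IDs and supplementary groups are left unchanged, so
 * group-based permissions still apply as for the calling process. */
int stat_as_uid(const char *path, uid_t check_uid, struct stat *st)
{
    uid_t orig_euid = geteuid();
    int rc, saved_errno;

    /* Real UID untouched (-1), effective UID -> check_uid, saved UID ->
     * original effective UID so the switch can be undone afterwards.
     * Called as root this is setresuid(-1, unprivileged_uid, 0). */
    if (setresuid((uid_t)-1, check_uid, orig_euid) != 0)
        return -1;

    /* On Linux the filesystem UID follows the effective UID, so this
     * access is checked (and sent to an NFS server) as check_uid. */
    rc = stat(path, st);
    saved_errno = errno;

    /* Failing to regain the original UID leaves the process in an
     * unexpected privilege state: stop rather than carry on. */
    if (setresuid((uid_t)-1, orig_euid, (uid_t)-1) != 0 ||
        geteuid() != orig_euid)
        abort();

    errno = saved_errno;
    return rc;
}
```

Because the saved UID stays at the original value for the whole window, this is a reversible switch and not a privilege drop: code running between the two calls can still regain the original UID.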
