Hi,

On Thursday, 22 July 2010, 14:58:20, Uwe Baumbach wrote:
> is it possible to configure suPHP so that scripts would be executed
> under the following circumstances:
> - script directory is owned by user A of group GRP-A
> - in the directory some PHP scripts belong to user A of GRP-A, others to
>   user B of the same group GRP-A
> - all scripts are writeable/executable by owner and group (GRP-A) (but not
>   by all users)
> ??

I had the same problem. The attached patch adds a comparison of the primary 
group of the file/directory with the target user's primary group if the pure 
ownership check failed. I think this is a better solution than totally 
disabling this check.

Best regards,

Roland
--- suphp-0.7.1/src/Application.cpp	2009-03-14 18:55:25.000000000 +0100
+++ suphp-0.7.1.new/src/Application.cpp	2010-09-01 11:44:22.000000000 +0200
@@ -395,7 +395,7 @@
     // Paranoid mode only
 
 #ifdef OPT_USERGROUP_PARANOID
-    if (targetUser != scriptFile.getUser()) {
+    if (targetUser != scriptFile.getUser() && targetUser.getGroupInfo() != scriptFile.getUser().getGroupInfo()) {
         std::string error ="Mismatch between target UID ("
             + Util::intToStr(targetUser.getUid()) + ") and UID ("
             + Util::intToStr(scriptFile.getUser().getUid()) + ") of file \""
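
Review bot: The second clause added to the `OPT_USERGROUP_PARANOID` condition compares `targetUser.getGroupInfo()` with `scriptFile.getUser().getGroupInfo()`, which is the group of the file owner's account and not the group the file itself is assigned to, so it does not match the description in the mail (a comparison with the group of the file). As written, a script owned by any account whose group equals the target user's group passes the paranoid check regardless of the file's own group, and on a host where all accounts share one group the check no longer rejects anything. Consider comparing against the file's own group, putting the relaxed behaviour behind a separate compile-time or configuration option instead of changing what paranoid mode means, and updating the "Mismatch between target UID (...) and UID (...)" message, which is now only reached when the groups differ as well but still reports UIDs alone.
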
@@ -548,7 +548,7 @@
         directory = directory.getParentDirectory();
 
         UserInfo directoryOwner = directory.getUser();
-        if (directoryOwner != owner && !directoryOwner.isSuperUser()) {
+        if (directoryOwner != owner && !directoryOwner.isSuperUser() && directoryOwner.getGroupInfo() != owner.getGroupInfo()) {
             std::string error = "Directory " + directory.getPath()
                 + " is not owned by " + owner.getUsername();
             logger.logWarning(error);
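
Review bot: The added `directoryOwner.getGroupInfo() != owner.getGroupInfo()` clause makes the parent-directory loop accept a directory owned by any account in the same group as `owner`, without looking at the directory's own group or mode. A directory's owner can rename or replace the entries in it, so this extends trust over the path to the script to every account in that group; that should be an explicit opt-in setting rather than the new default. If the clause stays, the warning "Directory ... is not owned by ..." should also name the group that was compared, because the log line no longer tells the reader which condition failed.
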
_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
