Am 10.06.21 01:16 schrieb Gustavo Rios: > Hi folks! > > I am planning a web serve using openbsd as the os and using php. My > question is: how to avoid any given user from implement an php script that > will read some else file, since everything will run as the web server user > and group ?
If your requirements are really to run everything as the same user then it's not possible to forbid this user from reading files created by someone else that has same uid. Same uid means "same person". This means your webserver expects person A to be the owner of files created by person B. If you want to separate ownership of files then you have to create different users and restrict php from reading directories that it shouldn't. Another advice for 'web server security' is to don't give untrusted users shell access or any write access to your system so you won't have to deal with someone "implementing a script that will read someone else files"... ;-)
