--- Burhan Khalid <[EMAIL PROTECTED]> wrote:
> On Friday, July 11, 2003, 5:07:49 PM, Mark wrote:
>
> [ snip ]
>
> M> That is correct. According to the docs, if the directory is not
> M> executable, you can't even get the permissions on the files in it.
> M> I'm confused, though.
>
> M> Let me state at the beginning that I'm not a Linux guy. Learning, but
> M> slowly.
>
> M> -Doesn't PHP run as some user?
>
> PHP runs with the same permissions as Apache.

Understood.

> M> -Is the issue giving that user execute permissions in the web root?
>
> If Apache cannot create a file in a directory, then PHP can't do it
> either.

Understood as well.

> M> -Why the concern about letting that user have execute permissions,
> M> and then prevent anyone (except those that have valid reasons) from
> M> having write/execute permission to the webroot.
>
> I don't think the problem is with execute permissions. It just needs
> to be able to write and read from a directory, not necessarily
> execute. Although I'm not too sure about this.
>
> M> Am I missing something basic?

Quite possibly...

> This isn't the easiest of things...

I guess I have two questions, then.

1-What is the risk of allowing apache to write to the webroot as
opposed to a directory under the webroot? I guess it would prevent
website defacement, but other than that, can't I do anything malicious
in a webroot subdirectory that I can do in the webroot?

2-Is "this is not the easiest of things" about letting the apache user
read/write, but not other users? If so, I must have misunderstood what
I've read about Linux security (again, quite possibly). I thought users
could be in a group, and that group given permissions to a
directory/file.

Trying to learn...

Mark

=====
Mark Weinstock
[EMAIL PROTECTED]
***************************************
You can't demand something as a "right" unless you are willing to fight
to death to defend everyone else's right to the same thing.
***************************************

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
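
Added example, not part of the original messages: a small Python model of the classic POSIX mode-bit rules for directories that this thread discusses (read lists names, execute/search allows stat and traversal, creating a file needs write plus search). The user and group IDs and the directory layout are constructed for illustration; ACLs, the sticky bit and root's permission bypass are not modeled.

```python
# Added example: classic POSIX mode-bit checks only (no ACLs, no root bypass).
R, W, X = 4, 2, 1

def effective_bits(mode, owner, group, uid, gids):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def dir_abilities(mode, owner, group, uid, gids):
    """What a process may do with one directory, judged by that directory's bits."""
    b = effective_bits(mode, owner, group, uid, gids)
    return {
        "list_names": bool(b & R),                     # readdir()
        "stat_entries": bool(b & X),                   # stat()/open() files inside
        "create_or_delete": (b & (W | X)) == (W | X),  # needs write AND search
    }

def can_create_in(chain, uid, gids):
    """chain: [(mode, owner, group), ...] from the top directory down to the target."""
    *ancestors, target = chain
    for mode, owner, group in ancestors:
        # Every directory on the path must be searchable (x) to be traversed.
        if not effective_bits(mode, owner, group, uid, gids) & X:
            return False
    return dir_abilities(*target, uid, gids)["create_or_delete"]

# Constructed IDs and layout (assumptions, not values from the thread).
DEPLOY, APACHE_UID, APACHE_GID = 1000, 48, 48
TOP = (0o755, 0, 0)                    # parent of the webroot, root:root
WEBROOT = (0o755, DEPLOY, DEPLOY)      # web server falls into "other": r-x
UPLOADS = (0o770, DEPLOY, APACHE_GID)  # web server's group gets rwx
RW_ONLY = (0o766, DEPLOY, DEPLOY)      # "other" has rw- but no search bit

if __name__ == "__main__":
    for name, d in [("webroot", WEBROOT), ("uploads", UPLOADS), ("rw-only", RW_ONLY)]:
        print(name, oct(d[0]), dir_abilities(*d, APACHE_UID, {APACHE_GID}))
```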