Yeah, I tried turning safe mode on, but I'm not able to accomplish what I set forth to. Suppose I want to upload files to a directory called "repository". Now what should be the ownership and access permission of this directory be such that: 1. php (running as user apache) is able to upload files, and store in "repository" 2. no one, but this uploading script ( with uid == myuid ), is able to write to this directory.
I'm able to get the php script to write to this directory only if "repository" is world writable and it has ownership myuid:myuid. But what good does this make anyway, for the directory is still world-writable. By the way, if this thing is really possible by turning safe-mode on, why on earth is it turned off by default? Nirnimesh. IIIT-Hyd. ------------- On Tue, 20 Jan 2004 11:45:52 -0500, Cpt John W. Holmes wrote: > From: "Nirnimesh" <[EMAIL PROTECTED]> > >> My question relates to using php for handling file uploads. Since php runs >> as user apache, using it to manage file uploads means that I need to give >> write permissions to the user apache, which is a near-to-nobody user, i.e. >> 0+w permissions. Now does that not mean that anyone who can run a php >> script on the server can write to my account? > > Yep. > >> Is there any configuration setting that I need to fix, for this seems to >> me to be too trivial to be a bug, but still I know it can be used with >> fatal effects. > > Turn safe_mode on or put open_basedir (?) restrictions in effect. The manual > will have more info. > > ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
