[PHP] Re: Re: RE: Cannot access file on Network Drive (Windows 2003)
This *might* be correct with PHP as an Apache Module, but I doubt it. I think it's more like: Whatever - PHP - stdio.h File System calls Whatever will affect what user is running PHP and thus what permissions they have, but that's about it. Is it then: Whatever['Apache.exe'] (owns) System Process (which) Requests (using) stdio.h How/what determines the active process that is requesting the directive (and matches access privileges)? If PHP is running in CLI, I could see how this might be seen as a different process, but I'm fuzzy about file permissions extended through primary processes (such as Apache using an executable)... The whole apache GUID mess seems like cryptic middle ages eye gouging... -- Jared Farrish Intermediate Web Developer Denton, Tx Abraham Maslow: If the only tool you have is a hammer, you tend to see every problem as a nail. $$
Re: [PHP] Re: Re: RE: Cannot access file on Network Drive (Windows 2003)
On Thu, May 24, 2007 5:29 pm, Jared Farrish wrote: This *might* be correct with PHP as an Apache Module, but I doubt it. I think it's more like: Whatever - PHP - stdio.h File System calls Whatever will affect what user is running PHP and thus what permissions they have, but that's about it. Is it then: Whatever['Apache.exe'] (owns) System Process (which) Requests (using) stdio.h I dunno what the heck is System Process... If System Process means Operating System then, yes, sort of, except that Apache doesn't own the OS, so that's not making sense... How/what determines the active process that is requesting the directive (and matches access privileges)? Does Windows care what PROCESS is accessing the file, or does it care what USER running that process is accessing the file?... If Windows denies access to user X running process P, but grants access to user X running process Q, then it's even more messed up than I thought, and that was pretty friggin messed up to start with... If PHP is running in CLI, I could see how this might be seen as a different process, but I'm fuzzy about file permissions extended through primary processes (such as Apache using an executable)... The whole apache GUID mess seems like cryptic middle ages eye gouging... Apache starts up as root process to do some god-like things and then immediately changes its user-ness to the setting in httpd.conf and spawns off its children after that. How that interacts with the goofy Windows Services and settings in those interminible dialogs about which user runs which Service is beyond me... I can only guess that the Services User starts Apache initially, which then changes itself to the httpd.conf User before PHP enters into the picture. So whatever you choose for the Services User only matters for the first few nano-seconds of Apache's life, and httpd.conf User is what matters after that... But that's just a GUESS not really using Windows all that much, and certainly not understanding the various Windows security (cough cough) models over the years. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Re: RE: Cannot access file on Network Drive (Windows 2003)
Richard Lynch wrote: Apache starts up as root process to do some god-like things and then immediately changes its user-ness to the setting in httpd.conf and spawns off its children after that. Not under Win32 it doesn't. How that interacts with the goofy Windows Services and settings in those interminible dialogs about which user runs which Service is beyond me... I can only guess that the Services User starts Apache initially, which then changes itself to the httpd.conf User before PHP enters into the picture. So whatever you choose for the Services User only matters for the first few nano-seconds of Apache's life, and httpd.conf User is what matters after that... But that's just a GUESS not really using Windows all that much, and certainly not understanding the various Windows security (cough cough) models over the years. Apache does no user switching under Windows. Whatever user the service is configured to run as is the user it stays running as. The user/group settings in httpd.conf are ignored under Windows. Where I think the OP is falling down is that by default services *do not have access to network resources*. So all (s)he needs to do is change the user that the service runs as to a real user instead of LOCALSYSTEM which is the default. However, the user should be aware that this is considered a fairly major security hole unless you create a user specifically for this purpose and lock it down so it can only get at what it needs. All of which is beyond the scope of this list and should probably be directed at an Apache list, or my billing email address!! -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
