Greetings, all.
I'm a relative newcomer to PHP, looking into the possibilities of setting up
a LAMP (Linux, Apache, MySQL, PHP, and Perl) platform for a new web server.
We have everything set up and running currently, with PHP 4.04 running as an
Apache module. We'd like to pitch this to the higher-ups as a good thing
for our site and our customers (who would also be able to use PHP), but we
first have to address some security concerns.
Namely, we're thinking it would be nice for users to be able to write
scripts which would generate and store files within their home directories.
However, because PHP runs as nobody, any such file would essentially need
writable permission for every user. This leaves any PHP-written file
vulnerable to exploitation by anybody with a site on the server and some
knowledge of PHP.
Essentially, I'm wondering if there's any way in this situation for a PHP
script to inherit the permissions of the user that owns it. This would
allow us (and our users) to write freely within the confines of our own
directories. Nice thought, but I'm really beginning to wonder if it's
doable.
Any input or suggestions which could be offered would be very much
appreciated. Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
