well if apache is running as nobody, php is running as nobody (most likely) and that's a case where I'd say you might want to reconfigure things so that apache/php run as a different user. Most of the time when I've seen nobody, there are lots of daemons running as nobody and it might not be a good idea to have so much running as nobody (in case someone manages to hijack something else that's running as nobody). Creating a user like www might work, but as you know it all depends. Also, keep in mind that if you chown stuff to a user that is not a login user and you have shell users that need to edit those files you will run into a problem (but that's where group perms really do come in handy). > > My shared host chowns files that they want me to be able to edit to my shell > user, with the group being a special group they have created for process > segregation. For files they don't want me to edit (some special log files > mostly), they chown those files to the segregated "apache user". On the > servers at my office anyone who needs to edit files is also trusted with sudo > rights (very few of us) so we can edit any file on the system regardless of > who owns the file. If you are the only user you might not need to worry about > that as much but (last time I promise...) it depends ;) > > Again it's really only a problem if your PHP has to write to files on the > system and not strictly to some mysql db, for example. As long as the php > interpreter and apache (and of course, the world, that is - web browsers) can > see the files you should be alright. > > Hope it helps! > > --Mike H > Mike:
Many thanks. This was really helpful. My strategy is already formulating. A brew or two and it will be solidified....
_______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
