Joined: Apr 2002
Posts: 1,768
Addict
This is odd.

On a server that I'm helping someone with, when a PHP script is executed from a web browser, files that the script creates are owned by "nobody". But files created by Perl scripts executed from a web browser on the same server are owned by the account owner (which is the desired result).

Why is that? Is there a php.ini parameter that controls this?

Joined: Dec 2000
Posts: 1,471
Addict
Is PHP running as an Apache module or in CGI mode? AFAIK there's no way to control this via php.ini.

Under many web hosting providers, the web server program runs as the user named 'nobody'. Because the web server program itself runs as 'nobody', CGI scripts normally also run as 'nobody'.

Joined: Apr 2002
Posts: 1,768
Addict
I think it's running as an Apache module. There's no #! line required to run PHP scripts.

Why would Perl scripts behave differently, i.e., files they create are owned by the account owner, not by "nobody"?

Joined: Dec 2000
Posts: 1,471
Addict
Perl can use the "suexec" extension from Apache that accomplishes this behaviour.
PHP can't use it. All files generated with PHP are owned by Apache, because it's the parent process.

You'll have to do a chown in the php script that creates the files to assign it to the account owner.

Joined: Apr 2002
Posts: 1,768
Addict
Thanks.

I heard back from the web host. They're trying out an "experimental" PHP SuExec module which is supposed to do the same thing as the SuExec that Perl uses.

I don't think chown() will work unless you're running as "root".

Joined: Oct 2000
Posts: 2,223
Veteran
If you compile PHP as a CGI binary instead of a DSO or compiled into Apache, and then run it like you do Perl with the shebang line, then it will run under SuExec.


Picture perfect penmanship here.
Joined: Oct 2000
Posts: 2,223
Veteran
Oops, forgot this: chown will not work unless you are root. You're correct.



Picture perfect penmanship here.
Joined: Apr 2002
Posts: 1,768
Addict
This seems like a rather serious security issue. If you're using PHP scripts on a shared server, then directories and files require wide permissions, which means that any other account on the same server can access those directories and files.

The binary (non-DSO) version of PHP appears to be available on the server, since I can run PHP from the shell.

Is adding the #! line to all the PHP scripts (that are executed by HTTP request) the best solution? That could be a maintenance headache. And wouldn't it defeat some of the performance advantages of running PHP as an Apache module?

Making use of safe_mode or open_basedir might provide protection from other PHP scripts, but not from Perl scripts or shell commands.

I was doing some research, and found this page. Does that sound like a solution?
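
An added example, not part of the thread and not code from any poster: a Python audit for the exposure described in the last post. It lists entries in an account's web directory that are not owned by the account (as with files created as "nobody" under the Apache module) or that grant access to other accounts. The function names, sample tree and file names are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root, owner_uid):
    """Return sorted (relative_path, issues) for entries under root that are
    not owned by owner_uid or that grant access to 'other' accounts."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # lstat: never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                   # a link's own mode bits mean nothing
            issues = []
            if st.st_uid != owner_uid:     # e.g. created by the web server user
                issues.append("owner uid %d" % st.st_uid)
            if st.st_mode & stat.S_IWOTH:
                issues.append("world-writable")
            if st.st_mode & stat.S_IROTH:
                issues.append("world-readable")
            if issues:
                findings.append((os.path.relpath(path, root), issues))
    return sorted(findings)

def demo():
    """Constructed sample tree standing in for an account's web directory."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        os.chmod(uploads, 0o777)   # opened up so a 'nobody' server can write
        private = os.path.join(root, "config.php")
        open(private, "w").close()
        os.chmod(private, 0o600)   # owner-only: should not be reported
        created = os.path.join(uploads, "created_by_script.dat")
        open(created, "w").close()
        os.chmod(created, 0o644)
        return audit_tree(root, os.getuid())

if __name__ == "__main__":
    for path, issues in demo():
        print(path + ": " + ", ".join(issues))
```

Run against a real account, pass the docroot and the account owner's numeric uid to `audit_tree`; anything reported with a different owner uid was created by a process not running as the account.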


The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 