[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] PHP Effective UID vs. CGI effectiv UID

Subject: RE: [cobalt-users] PHP Effective UID vs. CGI effectiv UID
From: "Greg O'Lone" <greg@xxxxxxxxxxxxxxxx>
Date: Sun Apr 13 07:52:00 2003
Organization: Stretched Out Software Inc
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx 
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of bib
> Sent: Sunday, April 13, 2003 8:07 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: [cobalt-users] PHP Effective UID vs. CGI effectiv UID
> 
> 
> Dear all,
> Still a newbe in managing a RaQ550 and apache, i've made some 
> verifications on the way the http server execute user scripts 
> (php and cgi).
> 
> A) cgi-wrapper seems to change effective UID to the site-owner of the 
> script. OK here.
> B) On the other hand, PHP scripts seems all to be running 
> under 'httpd' 
> user, which i don't like to much.
> 
> Will forcing PHP through suEXEC do the job ?
> Are there known side effects with the cobalt system setup ?
> Is there another way for forcing PHP engine to change EUID to 
> the script 
> owner before execution ?
> 
> Many thanks in advance for your tips
> Kindest regards
> Bertrand
> 

There appears to be a directive in PHP to do this for you...

http://www.php.net/manual/en/features.safe-mode.php

--
Greg O'Lone, President
Stretched Out Software, Inc
http://www.stretchedout.com

References:
- [cobalt-users] PHP Effective UID vs. CGI effectiv UID
  - From: bib

Prev by Date: RE: [cobalt-users] I've Been Hacked
Next by Date: Re: [cobalt-users] bind bug on reverse dns
Previous by thread: [cobalt-users] PHP Effective UID vs. CGI effectiv UID
Next by thread: RE: [cobalt-users] PHP Effective UID vs. CGI effectiv UID

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index