Re: write with cURL
- From: Tim Greer <tim@xxxxxxxxxxxxx>
- Date: Thu, 26 Feb 2009 18:22:32 -0800
Jerry Stuckle wrote:
Tim Greer wrote:
Ylva Poelman wrote:
The problem is that I do not want to change an existing file, but to
create a new one, write to it and saven it.
Then the directory you create the file is needs world read, write and
execute permissions. This is assuming that the PHP script runs as
the global web server user (and it surely does given the problem you
have). So, create a directory and set it to chmod 1777 (or 0777 if
you can't add the sticky bit) and then have files created there (or
wherever you need, though it's a terribly bad idea to set the primary
web root directory itself to world writable).
World read/write is VERY BAD. It opens the website to all kinds of
potential security risks from other users on the same server.
Rather, it should be user and group read/write, and ensure the web
server itself is part of the group.
I made this suggestion because their web host appears to run Apache as
the global web server user and thus needs world write permissions to
work. I doubt the OP has permission to configure the web server in
this case and it doesn't appear their hosting provider has it set up
that way. Also, if you have the web server added to the same group
that the user belongs to (for read and write permission), you still
need to give that group write privileges all the same, which imposes
many of the same risks as setting privs for world (now it just applies
that same logic to group).
Granted, that would make is so the web server will have read and write
access that only root, the user themselves and the web server group
have that access to (and not just any user would, so it is better than
world), and thus it's slightly better in that regard, but it will still
allow any user's PHP script to have the same write, modify and delete
access to the user's files, since it'll run as the Apache group, too.
Instead, I recommend having the host implement suPHP and not run PHP in
the Apache API, so only their user and the web server have read, write
and execute permissions. But, that's still up to their web host, and
it doesn't sound like either of these suggestions are viable options
for them.
If the web host doesn't offer that or won't change (they likely won't if
they're not already doing it), I'd suggest to just run PHP in CGI (if
the host offers CGI with the SuEXEC CGI wrapper), as that will provide
them with the same advantages of not having to use world (or group w/ a
shared Apache group) access to anything, though it would require a
trivial amount of knowledge with permissions and likely adding the
shebang line to the top of any PHP scripts they'd be executing. It may
come down to that or finding a web hosting provider with a better idea
of what they are doing.
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!
.
- Follow-Ups:
- Re: write with cURL
- From: Jerry Stuckle
- Re: write with cURL
- References:
- write with cURL
- From: user
- Re: write with cURL
- From: Tim Greer
- Re: write with cURL
- From: Ylva Poelman
- Re: write with cURL
- From: Tim Greer
- Re: write with cURL
- From: Ylva Poelman
- Re: write with cURL
- From: Tim Greer
- Re: write with cURL
- From: Ylva Poelman
- Re: write with cURL
- From: Tim Greer
- Re: write with cURL
- From: Jerry Stuckle
- write with cURL
- Prev by Date: Re: write with cURL
- Next by Date: Re: write with cURL
- Previous by thread: Re: write with cURL
- Next by thread: Re: write with cURL
- Index(es):
Relevant Pages
|
Loading
