Re: Users/permissions/files - LAMP



jab3 wrote:


Yeah, similar to what Balazs said, I actually have done this by running
a program I wrote in C as setuid root, but I consider that dangerous.
I made the program very compact, dealing with untainted data, but
still.  Guess that's the way to go for that though.


Yes, that's one way to do things.

Yep, that's my problem. :)  I keep wondering how these other sites do
it (like these online photo sites, e.g. SnapFish, that give you an
account and let you upload images for others to see).  I've considered
making it all managed from an SQL database and putting the files in a
PHP-accessible directory with SQL-generated ids as subdirectory names
for each user's folder and bypassing Linux permissions.  But that seems
less secure.


Why not just keep everything owned by the Apache process? Protect access to the files through a download script, .htaccess, or some similar way.


Even if you do change the ownership of the files you won't be more or less secure. They'll all be accessed via the Apache uid anyway.


I suppose I could have cron jobs that run x times an hour to move stuff around. I'll have to look some more into suexec. And don't worry, giving Apache root access has not occurred to me. :)


One of the worst ways to do things.


Thanks for help, jab3


As I said - I just keep everything owned by Apache. Membership is managed through a MySQL database or .htaccess.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
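
The download-script approach described in the reply above, as an added example that is not part of the original post: files stay owned by the Apache uid outside the document root, and a database row decides who may read them. The `files` table, its columns, the `is_public` flag and the storage path are hypothetical, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for the MySQL membership database so the sketch runs offline.

```php
<?php
declare(strict_types=1);
// Added example: the gate a download script would call before sending a file.
// Schema, column names and paths are hypothetical, not from the thread.

/** Return the real path of a file the user may read, or null to deny. */
function resolveDownload(PDO $db, int $userId, int $fileId, string $root): ?string
{
    // Authorization comes from the database row, never from a client-supplied path.
    $stmt = $db->prepare(
        'SELECT stored_name FROM files
          WHERE id = :fid AND (owner_id = :uid OR is_public = 1)'
    );
    $stmt->execute([':fid' => $fileId, ':uid' => $userId]);
    $name = $stmt->fetchColumn();
    if ($name === false) {
        return null;                      // no such file, or not visible to this user
    }
    // Defence in depth: the resolved path must stay inside the storage root,
    // even if a stored name was tampered with.
    $base = realpath($root);
    $path = realpath($root . '/' . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo data: one private upload and one row with an escaping name.
$root = sys_get_temp_dir() . '/uploads_demo';
@mkdir($root);
file_put_contents($root . '/a1b2c3.jpg', 'constructed image bytes');
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, owner_id INT, stored_name TEXT, is_public INT)');
$db->exec("INSERT INTO files VALUES (1, 10, 'a1b2c3.jpg', 0), (2, 10, '../../etc/passwd', 1)");

var_dump(resolveDownload($db, 10, 1, $root) !== null);  // owner asks for own file
var_dump(resolveDownload($db, 11, 1, $root));           // another member asks for it
var_dump(resolveDownload($db, 11, 2, $root));           // public row whose name escapes the root
```

In the web-facing script the user id would come from the server-side session, and a non-null result would be sent with `readfile()` after setting the content headers; a null result gets the same 404 whether the file is missing or forbidden.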