Re: Selective permission to write in the directory.

Kurda Yon wrote:
I am not sure that I understood correctly. Is the logic as following?
All those, and only those, users which communicate with my server via
my php-script are seen by the server as 'nobody'. So, in the case if
ONLY 'nobody' has permission to write and execute the directory, the
content of the directory can be changed ONLY via my php-script. Do I
correctly understood?


No ;)

There is a common confusion between "users" of your website and "users" on your unix server. Users of the website are the people who visit it, like me and you, users on the server are people and programs listed in the server's /etc/passwd file. Website visitors have no rights on the server, because they are not listed as "users" there. The permission question is only relevant when we're talking about server users, not about website visitors.


Most php installations are configured in the way that php scripts run under the webserver user ("nobody", "www" or similar). On a shared hosting, that means that the files you create can be also accessed by everyone else hosted on the same server, because his scripts and yours have same permissions.


php tries to solve this problem with notorious "safe mode", though it's easy to fool around. You should consider dedicated hosting if security is a concern.



--
gosha bine

extended php parser ~ http://code.google.com/p/pihipi
blok ~ http://www.tagarga.com/blok
.

Relevant Pages

  • Re: PHP Instalation problems. Browser doesnt know what to do
    ... This is loaded and run as a local server (for class ... PHP 5.2.0 from php-5.2.0-win32-installer.msi ... # configuration directives that give the server its instructions. ...
    (comp.lang.php)
  • Re: PHP Instalation problems. Browser doesnt know what to do
    ... This is loaded and run as a local server (for class ... PHP 5.2.0 from php-5.2.0-win32-installer.msi ... # configuration directives that give the server its instructions. ...
    (comp.lang.php)
  • Re: write with cURL
    ... execute permissions. ... This is assuming that the PHP script runs ... of potential security risks from other users on the same server. ... Apache as the global web server user and thus needs world write ...
    (alt.php)
  • mysqli error?
    ... I'm just setting up my php enviroment and I typed in a simple script ... # configuration directives that give the server its instructions. ...
    (comp.lang.php)
  • Re: write with cURL
    ... execute permissions. ... This is assuming that the PHP script runs ... of potential security risks from other users on the same server. ... web server itself is part of the group. ...
    (alt.php)