| Flamer 2006-07-21, 1:35 am |
|
cronoklee@hotmail.com wrote:
> Hi! I'm having this common enough (i think) problem:
> My php scripts run as the Apache user 'nobody'. I need php to make
> some
> directories for me on the fly but it creates them under the user
> 'nobody'. This means that I cannot edit or delete them via FTP as I am
> not the user 'nobody'!
>
> The only way around this I have found is to CHMOD 777 all new
> directories I create, making them editable by everyone. Obvoiusly this
> is a security risk so I'm trying to avoid it.
> Has anyone got a solution to this problem please?
>
>
> Thanks
> Ciar=E1n
yes it is common, infact its a massive security risk on shared host (i
am guessing that is what your on) because your php scripts can run as
the user nobody (the same as everyone elses on that server does) then
you can execute/read/write anyone elses php files, i would talk to my
host and suggest they run each instance under the ftp username. well
please let me know whether or not you are leasing webserver space
because i find it hard to believe that al there users have 0777
permissions on all their folders, and anyway, you would have to run a
php script to change the folder permissions too because your ftp
account wouldnt have access to do it. allowing full access to the world
on php documents is a huge no no..
Flamer.
|