[Resolved] File system permissions and php


TheWiz
09-24-2004, 03:07 PM
I have created a script that will dynamically rebuild an entire site from a database. The problem is that php scripts create files for the user 'unknow' in UNIX/Linux, and that user doesn't normally have access to the document root. I could set the permission to 777 but that is not a good idea in general.

Is there a way I can safely create files, and directories, with php in the document root without losing all security?

LordShryku
09-24-2004, 10:37 PM
chown/chgrp/chmod them.

TheWiz
09-25-2004, 06:18 PM
Thanks, those are good ideas, but they would still leave me with two problems.
1) The document root of my site still has to be set to 777, which isn't a great idea.
2) I would not have the ability to delete, or replace, anything from a subsequent script.

I’m hoping there is a way that a php script can log in to UNIX/Linux as a different user that has the required privileges. Or perhaps call a C program in the server system that can set and revoke the required privileges, before and after the php script runs.

I have looked through all the php documentation I can find, but I haven’t been able to locate anything that describes this kind of functionality. UNIX/Linux is definitely my weak area, but I'm sure there must be a way to do this somehow.

dalecosp
10-05-2004, 12:15 PM
Have the script rebuild the tree in another directory, and have a privileged user cron job that checks periodically and does the actual mv/cp or whatever....

I use a similar strategy with smaller objects and /tmp ... if you are rebuilding an entire site, it might not fit in /tmp, but you might be able to do it within your /home/foo* ....

TheWiz
10-16-2004, 03:12 PM
Thanks for the idea. I can see how that could work well, but I have over 300 sites and growing, that's just way too much overhead for the servers.

The final solution came, as most do, with a great deal of reading and learning yet another language (perl), and a lot of trial and error.

What I wound up with is:
- A 'listener', written in perl, and set up as a daemon that runs on all the servers.
- Each server has a shared directory that all the sites can write to.
- When a site requires a rebuild, it writes a text file called 'on' to the shared directory. The file contains a single line, which is the full path to the document root for the site.
- The listener is owned by root, and continuously checks the shared directory. When it finds a file named 'on', it reads the contents and sets the privileges of the site root to 777.
- The rebuild program waits for the privileges to be set, then rebuilds the site, then writes a file called 'off' to the shared directory.
- The listener also looks for the 'off' files to set the site privileges back.

It's all working perfectly now.
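
The listener described in the last post runs as root and acts on a path written by processes that are not root, so the contents of the 'on' and 'off' files are untrusted input. The following is an added example in Python (not TheWiz's Perl listener) of checks such a listener could make before changing modes; the allowlist of registered document roots, the function names and the size limit are assumptions.

```python
import os
import stat

MAX_REQUEST_BYTES = 4096  # assumed limit; a request is one path line


def read_request(request_file, allowed_roots):
    """Return the canonical document root named in request_file.

    Raises ValueError unless the file is a regular, non-symlink file holding
    exactly one absolute path that resolves to an entry in allowed_roots.
    """
    try:
        # O_NOFOLLOW rejects a symlink as the final component;
        # O_NONBLOCK keeps open() from hanging on a FIFO.
        fd = os.open(request_file, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise ValueError(f"cannot open request: {exc}") from exc
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError("request is not a regular file")
        data = os.read(fd, MAX_REQUEST_BYTES + 1)
    finally:
        os.close(fd)
    if len(data) > MAX_REQUEST_BYTES:
        raise ValueError("request too large")
    try:
        lines = data.decode("utf-8").splitlines()
    except UnicodeDecodeError as exc:
        raise ValueError("request is not valid UTF-8") from exc
    if len(lines) != 1 or not os.path.isabs(lines[0]):
        raise ValueError("request must be one absolute path")
    # Resolve symlinks and ".." before comparing against the allowlist.
    real = os.path.realpath(lines[0])
    if real not in {os.path.realpath(r) for r in allowed_roots}:
        raise ValueError(f"{real} is not a registered document root")
    return real


def set_root_mode(root, mode):
    """chmod the directory through a descriptor so the target cannot be swapped."""
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        os.fchmod(fd, mode)
    finally:
        os.close(fd)
```

The listener would call `read_request` on each 'on' or 'off' file and pass only the returned path to `set_root_mode`, logging and discarding any request that raises `ValueError`.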