RE: [PHP3] Writing to file - somebody other than nobody From: Cruz, Miguel (OD/ORS) (cruzm <email protected>)
Date: 11/30/99

> -----Original Message-----
> From: Boget, Chris [mailto:chris <email protected>]
> Sent: Tuesday, November 30, 1999 3:49 PM
> To: Php3 (E-mail)
> Subject: [PHP3] Writing to file - somebody other than nobody
>
> The webserver (and PHP as a result) runs as user nobody.
> There is a directory that I want to write files (create or
> append) in but user nobody doesn't have write access to
> that directory. Is there any way that I can change current
> user in order to write the file then change back to user
> nobody?

The way I've done this - and to my knowledge the only reasonable way of
achieving it - is to create a separate setuid program to handle these writes.
Your PHP app can then call on this little program to do its dirty work.

You need to be very careful in doing this. I'd suggest defining the task as
rigidly as possible and making it impossible for the setuid program to do
anything else. If possible, hardcode the destination file/directory into it.
Don't call any further programs from within the setuid program. Check for
potentially damaging conditions like excessive quantities of data. Be aware that
any other PHP program on the system could also be made to call this setuid
program (and could be made to read your PHP program, so you can't rely on a
password), and plan accordingly.

miguel 

-- 
PHP 3 Mailing List <http://www.php.net/>
To unsubscribe, send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
To search the mailing list archive, go to: http://www.php.net/mailsearch.php3
To contact the list administrators, e-mail: php-list-admin <email protected>