> -Why the concern about letting that user have execute permissions, > and then prevent anyone (except those that have valid reasons) from > having write/execute permission to the webroot.
The permissions are Read, Write, and Execute. Read and Write are self explanatory (for directories Write means you can add new files). Execute means you can run an program or shell script (for directories this means you can change directories to it). There are 3 settings for the permissions, User-rwx, Group-rwx, and Other-rwx. Apache usually runs as an unprivileged user, so it uses the Other permissions. Other is everyone that isn't the owner or group, so it's basically anyone else on the server. If you give other write access to the directory with other execute permission, then anyone can read/write to the directory. Which means that they can delete, change text, images, what have you. On a shared server with lots of untrusted users if could be interesting. So create a temp directory, and give chmod o=rwx. Do your writing there, when done stick the final file into a table in a db, and have your main page fetch the contents. For the CMS, before you work too much, take a look at typo3 ... http://www.typo3.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
