Curt, thanks for that, I didnt see that in the notes. A question that I havent been able to work out since reading this is...
When both you and the person in the contributed notes say: "make your php cgi setuid" and "that is ran in cgi mode that is setuid'd" ... How do I setuid a CGI script? ...surely if i access it through the browser it will still execute as apache? Cheers ----- Original Message ----- From: "Curt Zirzow" <[EMAIL PROTECTED]> Newsgroups: php.general To: <[EMAIL PROTECTED]> Sent: Monday, July 21, 2003 5:08 AM Subject: Re: [PHP] POSIX seteuid and similar > * Thus wrote David Goodchild ([EMAIL PROTECTED]): > > Hi, > > > > I am trying to create a small php program where I can control users > > processes. As far as I see I require Apache to run as root in order to do > > this (Note: I wish to access it via a webpage run through a browser). At > > the moment all pages are executed as user 'apache' (UID #48 in this case). > > Other than giving apache root access which i hear is a very bad thing to do, > > what other ways can i use the posix_seteuid() functions and the like. > > > > Any help at all will be really appreciated. > > There is an example in the contributed notes on the site under the > posix_setuid. Baically it is a perl script that is ran in cgi mode that > is setuid'd. then opens a php script that runs the setuid script. > > I dont see why, if you choose this method is to just bypass the perl cgi > and just make your php cgi setuid. > > I'm not sure of any security issues in doing that but it seems better > than running your whole apache server as root. > > Curt > -- > "I used to think I was indecisive, but now I'm not so sure." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
