> * Thus wrote Lowell Allen ([EMAIL PROTECTED]): >> My commercial host is set up with the public root directory, "public_html", >> owned by user: userid, group: nobody. Directories I create within >> public_html are owned by user: userid, group: userid. As a result, PHP does >> not have permission to create files or write to files in public_html, but it >> does within its subdirectories. >> >> Is this a common setup? Are there security problems with changing the >> ownership of public_html to user: userid, group: userid so PHP can create >> files within the root directory? Advice, opinions, and links to relevant >> information are requested. > > I usually keep my writable directories outside the public_html > directory. > > homedir/public_html/* All read only by webserver. > homedir/private_data/* Make these files read/write > > > Curt
I should have explained that the setup is a problem because the site uses a content management system that updates a few static HTML pages -- the pages that get hit most often. The commercial host seems to have changed their standard setup so that my CMS can no longer update these pages since PHP no longer has permission to write to public_html. (I'll eventually get an explanation from the host. I find I have to email one simple question at a time.) I could change the permissions of public_html to 777, but that doesn't seem like a good idea. I could write the static files to a subdirectory, but that would require rewriting several output functions. Or I could ask the commercial host to change ownership of public_html to userid.userid. But is there a security problem with that? -- Lowell Allen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
