Hi,
I have this PHP script (simplificated here), called delete_tmp.php
that basically calls external commands:
<?php
$session_file = '/tmp/sess_89765'
system(''rm -f' . ' ' . $session_file);
?>
delete_tmp.php file is owned by gamito.users
/tmp/sess_89765 file has permissions -rw------ and is owned by gamito.users
My /tmp permissions are rwxrwxrwt and is owned by root.root
I know that the the sticky bit only allows files to be deleted by
their owners, the owner of the directory or by root.
Never the less, i can switch to /tmp directory and delete sess_89765
file as user gamito.
If I run:
$ php delete_tmp.php
as root, it deletes sess_89765 file.
But if I do the same has user gamito, it doesn't delete the file !!!
Ideas ?
Any help would be appreciated.
Warm Regards,
Mário Gamito
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
