> I am running php on apacheon linux. Right now my php scripts > access the data as the user that is running apache. I would like > them to access the data as the user who is the owner of the script. > Can this be done? How? Is this a good idea (IE: are there hiden > programs to watch out for)
It can be done in several ways, all of which have at least some security risks. Least risky generalized solution is probably Apache's suexec http://apache.org You'll need to compile PHP again as a CGI binary, and add a second mime-type and extension to httpd.conf with AddType/Alias/Action (also documented at http://apache.org) If there are a limited number of specific activities you need done, you could write very simple scripts to provide extremely limited hard-coded abilities and make them world-executable (or, for root access, use suid or sudo or somesuch) You could also switch from Apache to phttpd which allows more flexibility -- calling a specific module by a specific user in different VirtualHosts. Or, wait for PHP and Apache 2 to stabilize which is alleged to provide this. Whatever you pick, be darn sure you understand the under-lying security issues. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
