My fingers were too fast.  Here's the article:

Here are some example php.ini settings.  Take a look at the php manual for
these and other related php security settings.

safe_mode = On
doc_root = /usr/local/apache/htdocs
user_dir = /home/jdoe/htdocs



-----Original Message-----
From: Giz [mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 06, 2004 4:04 PM
To: 'Brian McGroarty'; '[EMAIL PROTECTED]'
Subject: RE: [PHP-INSTALL] php + apache - how to run php suid?

The php module way to handle this is to make use of apache security
facilities.  Keep in mind that cgi != modules.  They are fundamentally
different.  A module is part of the webserver process by definition.  This
is its strength in terms of performance.

What you have available to you for security is safe_mode.

Take a look at this article.

-----Original Message-----
From: Brian McGroarty [mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 06, 2004 12:05 AM
To: [EMAIL PROTECTED]
Subject: [PHP-INSTALL] php + apache - how to run php suid?

I use apache's suid mechanism so that all cgi scripts in a user home
directory run as that user. php scripts seem to still run as the
apache user (www-data with Debian) however.

Obviously this represents a nasty security risk, to say nothing of
complicating disk quota management. As things stand, I can't give my
friends php access and still sleep well. :)

Is there a mechanism for php that's similar to suid? I'm hoping I
don't have to install php as cgi for each user to do this.
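
An added example, not part of the original messages: one way to apply the safe_mode approach from this thread per user when PHP runs as an Apache module. The second user (asmith), the tmp and php-bin directories, and the choice of <Directory> blocks are assumptions for illustration.

```apache
# Added example, not from the thread. Paths and user names are assumptions.
#
# mod_php runs inside the Apache process, so every script still executes as
# the Apache user (www-data on Debian). These directives restrict what PHP
# will open or execute; they do not change the process UID, and they do not
# help with disk quotas (files PHP creates are still owned by www-data).
#
# safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4; open_basedir
# is still available in later versions.

<Directory /home/jdoe/htdocs>
    # php_admin_* values can only be set in the server configuration, so a
    # user cannot override them from .htaccess or with ini_set().
    php_admin_flag  safe_mode On

    # Confine file functions to this user's own tree and a private temp dir.
    # Keep the trailing slash: older PHP versions match the value as a path
    # prefix, so "/home/jdoe/htdocs" would also allow "/home/jdoe/htdocs2".
    php_admin_value open_basedir "/home/jdoe/htdocs/:/home/jdoe/tmp/"
    php_admin_value upload_tmp_dir /home/jdoe/tmp

    # Under safe_mode, exec()/system() may only run programs found here.
    php_admin_value safe_mode_exec_dir /home/jdoe/php-bin
</Directory>

<Directory /home/asmith/htdocs>
    php_admin_flag  safe_mode On
    php_admin_value open_basedir "/home/asmith/htdocs/:/home/asmith/tmp/"
    php_admin_value upload_tmp_dir /home/asmith/tmp
    php_admin_value safe_mode_exec_dir /home/asmith/php-bin
</Directory>
```

Each user's tmp directory has to be writable by the Apache user for uploads to work, which is one reason this setup confines scripts without giving true per-user separation the way a suid CGI does.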
