You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Chris <ap...@coolarrow.com> on 2005/11/11 21:43:34 UTC

[users@httpd] Running PHP scripts as owner UID

I have read about a couple of differnt ways to make php scripts run as their owner, and wondered if there is a general consensus with Apache2 as to the best way to accomplish this.

On a server with multiple virtual hosts, wouldn't it be safer to have each site owner to be running their php scripts as their own UID? Currently all php scripts are running as www, the same as the httpd server.

Thanks for suggestions,
Chris


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re[2]: [users@httpd] Running PHP scripts as owner UID

Posted by Chris <ap...@coolarrow.com>.

>> On a server with multiple virtual hosts, wouldn't it be safer to have
>>each site owner to be running their php scripts as their own UID?

>Yes.. it is better.
>The problem is how to do it.


suphp looks like it was designed for just this issue... anyone here using it?

Chris


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Running PHP scripts as owner UID

Posted by "Ivan Barrera A." <Br...@Ivn.cl>.

Chris wrote:
> I have read about a couple of differnt ways to make php scripts run as their owner, and wondered if there is a general consensus with Apache2 as to the best way to accomplish this.
> 
> On a server with multiple virtual hosts, wouldn't it be safer to have each site owner to be running their php scripts as their own UID? Currently all php scripts are running as www, the same as the httpd server.
> 

Yes.. it is better.
The problem is how to do it.

That's why there are differents approachs of MPM's (as perchild,
prefork, and worker)

> Thanks for suggestions,
> Chris
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org