You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Daniel Nolte <dr...@gmx.net> on 2002/08/09 16:22:19 UTC
Running phpscript with UID
Hi,
I want that phpscript get executed with the userid
of the owner of the file or if that's easier with the uid I define
in "VirutalHost". I tried suexec, but suexec needs for every
user an own php-binary, since it checks who owns this binary.
Is there a better/easier way?
Does Apache 2.x has a feature for this problem?
Bye
Daniel
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Running phpscript with UID
Posted by Lewis Watson <li...@visionsix.com>.
> On Fri, Aug 09, 2002 at 04:22:19PM +0200, Daniel Nolte wrote:
> > I want that phpscript get executed with the userid
> > of the owner of the file or if that's easier with the uid I define
> > in "VirutalHost". I tried suexec, but suexec needs for every
> > user an own php-binary, since it checks who owns this binary.
> > Is there a better/easier way?
>
Hi Daniel,
Another option is to compile php as a cgi binary -- and then using it as
you would with any other cgi-script. Then, with suexec enabled, you could
run php scripts under the users uid via suexec. It has to be ran as either a
cgi-script or server-include for suexec to work. Some of the downsides to
this is the shebang is required at the top just as you would with any other
scripting language #!/usr/local/bin/php and you would have to meet all of
suexec's requirements to make it work. Consider php safe mode and other
security options when using php as a cgi binary as found at
http://www.php.net/manual/en/security.cgi-bin.php
I hope this helps.
Lewis Watson
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Running phpscript with UID
Posted by Zac Stevens <zt...@cryptocracy.com>.
Hi Daniel,
On Fri, Aug 09, 2002 at 04:22:19PM +0200, Daniel Nolte wrote:
> I want that phpscript get executed with the userid
> of the owner of the file or if that's easier with the uid I define
> in "VirutalHost". I tried suexec, but suexec needs for every
> user an own php-binary, since it checks who owns this binary.
> Is there a better/easier way?
Unfortunately no - to do what you need requires using the PHP CGI binary,
and suexec. This is because of the way the unix privilege system work, as
it isn't possible for a program to securely change its privileges in a
reversable way.
One variation worth investigating is running PHP as a FastCGI binary. This
keeps a persistant copy of PHP running as an external program which the
httpd talks to. I believe it would be possible to run the FastCGI binary
as different users and have one copy running for each VirtualHost requiring
this feature.
Each of these has its downsides - CGI in terms of per-request overheads
incurred in startup; FastCGI in requiring sufficient resources to run many
PHP interpreters, whether or not they're being used.
> Does Apache 2.x has a feature for this problem?
Something in the works for Apache 2 is the 'perchild' MPM, which allows you
to run children as a specific user and only direct a single VirtualHost to
it. While this would do what you want, this MPM is not usable at the
present time.
Hope that helps,
Zac
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org