|
|
Posted by Jochem Maas on 02/08/05 15:30
Phil Ewington - 43 Plc wrote:
> Hi All,
>
> I am revisiting a previous question posted here as after lots of
> investigation and code testing I cannot get what I want.
>
> I want to use PHP to read/write files that are outside of the web root and
> not owned by apache. To be specific...
>
> $HOME/.procmailrc
> $HOME/.spamassassin/user_prefs
>
> .procmailrc must be owned by root.root and chmod'd to 600 or is does not
> work, user_prefs can be owned by anyone, it does not seem to care who or
> what the permissions are. The first problem is .procmailrc, someone on this
> list suggested to use chown/chmod in PHP to change the file so it can be
> read/written to by PHP, this I soon realized was not an option as the file
> owned by root cannot be changed. For some reason user_prefs will not open
> for read/write even when I tested it under apache.apache and chmod'd to 755,
> perhaps because /home is owned by root?
>
> So my question is can I easily/safely edit files outside of the web root
> using PHP or is there a 3rd party command line tool to do this?
you can run PHP on the command line as root. you can also
use sudo to allow your script to run as root if run by another user.
you can call 'shell' commands (e.g. your command line php script via sudo)
from inside php (e.g. a script run via a webserver). your webscript would
act as a frontend to the cmdline script that runs as root... feeding it
the required data.
maybe that bit of freethought gives you some ideas as to how to tackle the
problem?
alternatively you can have your script work on a copy of .procmailrc and
have a cronjob check that file periodically for changes (and correct syntax)
and if changed replace the actual file.
obviously you webscript frontend will need to be well secured however you
decide/manage to solve the problem! doing it right won't be a piece of cake
me thinks (based on my own experience of web security and the mailings on internals@
of late, mainly by Rasmus, which very much give the impression that securing a
web app properly is some what beyond hard :-) ...cue new request filter extension.)
>
>
> TIA
>
>
> ---
> Phil Ewington
>
> 43 Plc - Ashdale House
> 35 Broad Street, Wokingham
> Berkshire RG40 1AU
>
> T: +44 (0)1189 789 500
> F: +44 (0)1189 784 994
> E: mailto:phil.ewington@43plc.com
> W: www.soyouthink.com
>
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 07/02/2005
>
Navigation:
[Reply to this message]
|