Posted by gosha bine on 07/29/07 23:40
Kurda Yon wrote:
> I am not sure that I understood correctly. Is the logic as follows?
> All those, and only those, users who communicate with my server via
> my php-script are seen by the server as 'nobody'. So, if
> ONLY 'nobody' has permission to write and execute the directory, the
> content of the directory can be changed ONLY via my php-script. Do I
> understand correctly?
>
No ;)

There is a common confusion between "users" of your website and "users"
on your unix server. Users of the website are the people who visit it,
like me and you; users on the server are people and programs listed in
the server's /etc/passwd file. Website visitors have no rights on the
server, because they are not listed as "users" there. The permission
question is only relevant when we're talking about server users, not
about website visitors.

Most php installations are configured in such a way that php scripts run
under the webserver user ("nobody", "www" or similar). On shared
hosting, that means that the files you create can also be accessed by
everyone else hosted on the same server, because his scripts and yours
have the same permissions.

php tries to solve this problem with the notorious "safe mode", though it's
easy to fool around. You should consider dedicated hosting if security
is a concern.
--
gosha bine
extended php parser ~ http://code.google.com/p/pihipi
blok ~ http://www.tagarga.com/blok
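
The following is an added example, not part of the original post (the function names are illustrative): it prints the unix account a PHP script runs as and, for each entry in a directory, what that account can read or write. Under the shared-hosting setup described in the reply, every other customer's script runs as the same account and so has the same access.

```php
<?php
// Added example, not from the original post. Reports the unix account this PHP
// script runs as and what that account can do to each entry in a directory.

// Account the PHP process runs as (uses the optional posix extension).
function process_user(): string
{
    if (!function_exists('posix_geteuid')) {
        return 'unknown (posix extension not loaded)';
    }
    $uid  = posix_geteuid();
    $info = posix_getpwuid($uid);   // lookup in the server's passwd database
    return $info !== false ? $info['name'] : "uid $uid";
}

// One row per directory entry: owner uid, octal mode, and the access that
// this process (i.e. the webserver account) has to it.
function audit_directory(string $dir): array
{
    $rows = [];
    foreach (new DirectoryIterator($dir) as $entry) {
        if ($entry->isDot()) {
            continue;
        }
        $perms  = $entry->getPerms();
        $rows[] = [
            'name'           => $entry->getFilename(),
            'owner'          => $entry->getOwner(),
            'mode'           => sprintf('%04o', $perms & 07777),
            'readable'       => $entry->isReadable(),
            'writable'       => $entry->isWritable(),
            'world_writable' => ($perms & 0002) !== 0,
        ];
    }
    return $rows;
}

// Assumption: run from the CLI with a directory argument, or placed next to
// your own scripts, in which case it audits the directory it lives in.
$dir = $argv[1] ?? __DIR__;
printf("PHP runs as: %s\n", process_user());
foreach (audit_directory($dir) as $r) {
    printf("%-24s owner=%-6d mode=%s %s%s%s\n",
        $r['name'], $r['owner'], $r['mode'],
        $r['readable'] ? 'R' : '-',
        $r['writable'] ? 'W' : '-',
        $r['world_writable'] ? '  <- world-writable' : '');
}
```

Entries marked `W` can be modified by any script running under the same webserver account, regardless of which website visitor triggered it.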