Reply to Re: PHP 4 security File Access Issue on AIX

Your name:

Reply:


Posted by J.O. Aho on 06/22/07 08:37

Alex Lirus wrote:
> Hi.
> We are facing a problem with an old PHP application.
>
> The application browse the local server directory in order to show to
> the
> client browser file info and data.
>
> When we remove all the grants from "others", from any of the
> directoryes or the
> tree involved, or the files themself, the progam pop up with the
> error:
>
> ------
> Warning: opendir(/appl/apt000/pt0/include/p/): failed to open dir:
> Permission denied in /appl/estion/AE/web/html/sources/filed/
> gestioneOggetti.php on line 337
> ------

You can suppress the error messages with putting @ in front of opendir

$hd@opendir($dir);


> The user runnig the web server is in the same group (aspt000) (but is
> not the owner) of any of the dirs/files involved.

if the webserver is in the group that is the group owner of the file, then
there shouldn't be any trouble for it to access the file, at least as long as
it's the servers main group.



> We want to tighten the security on the machine so we have to remove
> the "others"
> grants, but in other hand we don't want to face a PHP upgrade to a
> newer version.

If the user has to authenticate itself before starting to browse, then it
would be the users ownership that affects the access to files, and you would
get more "power" in limiting file access.


--

//Aho

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация