|
|
Posted by Ugo Bellavance on 02/11/05 18:32
Matthew Walker wrote:
> And if you're running apache as root, you shouldn't be allowed to.
> Apache should always be run as as nonpriviledged user.
>
> On Fri, 2002-09-13 at 09:04, J Smith wrote:
>
>>>A running script cannot change its own permissions
>>
>>If you mean can't change it's user ID and/or group ID, that isn't entirely
>>true.
>>
>>If your script is being run as a privileged user on a UNIX system (usually
>>root), you can change the user/group IDs of the process (either effective
>>or real) with the POSIX extension. (posix_seteuid(), posix_setuid(), etc.)
>>
>>I haven't tried it from an Apache process, so I can't say if it will work
>>from a web server (doubtful) but it does work for standalone scripts from
>>the CGI/CLI.
AFAIK, your CGI is processed by a child process of apache, that should
run as an unpriviledged user, so it cannot change the U/GID.
[Back to original message]
|