Posted by Jerry Stuckle on 03/25/06 14:58

Conrad wrote:
> Hi, it seems that I have the following issue when trying to create a
> symbolic link within a script:
>
> FROM COMMAND LINE: The owner is set to myself. Thus, it works.
>
> FROM WEB PAGE: It doesn't work as expected.
>
> I know that it runs as one user at the command line and a different
> user from the web page. Thus, is it possible to do the following
> within the script:
>
> o switch to the correct user
> o create the symbolic link
> o switch back web page user
>
> BTW, I was using the following command:
>
> exec ( "ln -s " . dirname( SITE_ROOT ) . "/common_directory/* " .
> dirname( SITE_ROOT ) . "/new_directory" );
>
> Thanks in advance,
>
> -Conrad
>

Hi, Conrad,

That depends. If you're running on a shared server, then no, it probably won't
be possible. This will be restricted for security reasons.

If you're running your own server, then you can do it. I wouldn't recommend
doing it in Apache process though, just for security reasons.

What I've done in the past is to create an external script (outside webroot) which:

1. 'su's to the desired user (preferably NOT root!) with posix_setuid()
2. Performs the requested function
3. Returns to the existing user

You will need the setuid bit turned on in the php.ini file. However, I don't
like to do this for the main executable. So rather, I create another executable
with a strange name (so it can't be guessed) and set it's setuid bit on. Then I
specify this "special" executable in the first line of the external script.

It's not great security - but it's some, anyway.



--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]