Hey all... I am just wondering what everyone thinks about how to properly set permissions so that a shared hosting user can use PHP to do things, like create text files, in their own directory?

I know the directory that is to be written in has to have write privledges, but turning that on for everyone seems like a bit of a secuirty risk, does it not?

Anyway, any best practices here would be appreciated!

Bill

Our web server user has group write permissions to the user's directories by having the users's directories group ownership as the web server user.

So we use group permissions, and not other.

Originally posted by machineman
Hey all... I am just wondering what everyone thinks about how to properly set permissions so that a shared hosting user can use PHP to do things, like create text files, in their own directory?

I know the directory that is to be written in has to have write privledges, but turning that on for everyone seems like a bit of a secuirty risk, does it not?

Anyway, any best practices here would be appreciated!

Bill

You either have to run PHP as CGI and use a CGI wrapper to have it run as their user, or something similar, or you have to allow the web server's user and/or group to have permission (and if PHP is a web server module, that means that everyone else will still have the same permissions with their PHP script too). If your question is in regards to if other users PHP scripts can do things to files another users PHP script has done or the same write/create/delete permission that the other user would have, then yes, unless you make some modifications. It's not really built (PHP and Apache) to run perfectly secure in a shared user environment without some modifications and it's still not perfect.

Good point. He really only asked about permissions, but I'd assumed that he was using safe mode or open_basedir. If he was running it as CGI, he'd have suexec (otherwise why run it as CGI?) enabled and the web user wouldn't need write permissions.

Originally posted by bitserve
Good point. He really only asked about permissions, but I'd assumed that he was using safe mode or open_basedir. If he was running it as CGI, he'd have suexec (otherwise why run it as CGI?) enabled and the web user wouldn't need write permissions.


Exactly. Unless there's something to 'wrap' the PHP process in, even if ran via a module interface, then CGI with SuEXEC is the only option to protect the source of the PHP script and any files it might use, and also to protect the file or directory it uses.

I suppose you could put a sticky bit to at least make it so world writable directories will at least still only allow the PHP process to modify the file in question, if that's a concern (even if it's no more of a hassle to have another user's PHP script modify the file anyway).

I'm going to see if I can knock out some code to get around this problem with the module and try and not open up any new issues by doing so. This poor choice of PHP as CGI or all users having the same access issue is old and there needs to be a solution before it continues much longer.

Originally posted by bitserve
Good point. He really only asked about permissions, but I'd assumed that he was using safe mode or open_basedir. If he was running it as CGI, he'd have suexec (otherwise why run it as CGI?) enabled and the web user wouldn't need write permissions.

Wow, I can't believe something like this has been a problem that hasn't been addressed! I am new to hosting the unix world, and this seems like a big one!

If you come up with anything or would like some help testing, just let me know!

Thanks,
Bill