Results 1 to 2 of 2
  1. #1
    Join Date
    Feb 2004

    php being run as nobody

    my php scripts runs as user nobody (i've seen a lot of discussion around php_suexec, and many ppl say it's not a good option)

    if a user make a script to run "rm -rf /" will all sites be deleted (since php has access to them)?

    php_basedir prevents this?


  2. #2
    Join Date
    Feb 2002
    Vestal, NY
    php runs as the user nobody, so no files can be deleted by a php script other than files owned by the user nobody or files set writeable by everyone (chmod 777 or 666). This is a security risk since config files are other files written to or read from PHP scripts need to have permissions to allow user "nobody" to read or write. Therefore, the potential is there for anyone with PHP access to read or write to any files on the server that belong to or are readable by user "nobody".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts