[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user privileges with php (like with suexec)

Probably not. If you're not using the CGI version of PHP, then you have to use the module version, and thus PHP will be joined at the hip with the Apache daemons and you're stuck w/ the user/group that Apache is running under.

As you mentioned, the CGI version of PHP does not have this problem, but it has its own performance issues (forking new processes, etc.).

You might look into the php.ini file that comes with PHP. The PHP authors have added a lot of security options that you might find useful. Among these are options like disabling any number of PHP built-in functions, memory limits on running scripts, processor time limits on running scripts, etc.

Unfortunately, the user/group issue with the module version of PHP is not easily solveable.

Eric Jennings
Loopshot, LLC

I am wondering what is the best way to get simular results to suexec
with php?

I've heard of people running seperate instances of apache for each
client.  Is that likely to be a messy solution?  how much overhead would
each instance be?

The other solution is to use the CGI version of php and use suexec.  I
still don't think this is as nice as just using the the php module.

Have I missed any solutions?

Although I'm reluctant to hack any code that would be running as root,
would it be possible to hack php to pass pages to child proceses owned
by the same user as the php file and if none exist create one?


Jeremy Lunn
Melbourne, Australia

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: