Quote:
Originally Posted by camperjohn64
- I tried running apache as root while I run the scripts, but it won't let me.
- I tried sudo from PHP, but it won't let me either.
|
There are reasons it won't let you, no matter how hard you try.
PHP, designed as a blog script but abused and treated as a programming language, is dangerous enough running as "nobody".
Quote:
|
Website A, has a settings file. I want to create a duplicate settings file, in another folder that User A can modify. That is all I need to do.
|
chgrp apache /home/*/domains/thescript/settings
chmod 775 /home/*/domains/thescript/settings
Or:
Make a script or better yet a simple C program that does that exact job, taking as little input
from the user as possible, and make it setuid (4755). setuid is very powerful, but that means
it has to be done right to avoid great risk, so be careful. Some systems won't even let you
setuid a shell script because it's so hard to make one secure, so the common practice is to
do all setuid scripts in C using a prior setuid program as a temple. /usr/bin/passwd is common,
and well written, setuid program.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids