Mailinglist Archive: opensuse-edu (61 mails)

Re: [suse-linux-uk-schools] Web Server setup.

----- Original Message -----
From: "Alex Brett" <alex.brett@xxxxxxxxxxxxxxxxxxxx>
To: "Rob Keeling" <rob@xxxxxxxxxxxxxxxxxxxxxxxxx>
Sent: Saturday, January 17, 2004 9:11 PM
Subject: Re: [suse-linux-uk-schools] Web Server setup.


> If you enable php safe mode (http://www.php.net/features.safe-mode)
> then scripts can only access files etc that are owned by the same UID
> as the owner of the script itself, therefore they can't see/change
> anything they haven't created.
>
> Hope this helps,
> Alex Brett
> alex.brett@xxxxxxxxxxxxxxxxxxxx

Alex, does this mean php checks for the owner of the script file, or checks
for the effective uid which is running the script?

For example, if the script is stored on the filesystem as owner fred, group
nogroup, and apache is running as wwwrun,nogroup,
will php in safe mode use fred or wwwrun? If it's fred, then it sorts the
problem, if it's wwwrun, then anyone's script could look at
anyone else's files.

Does that make sense?

Thanks for the help.

Rob Keeling
Network Manager
Queen Elizabeth's Grammar School

>
> On 17 Jan 2004 at 19:12, Rob Keeling wrote:
>
> > I am trying to set up a small internal web server for student use. The
> > idea is that the subjects who create web pages can then upload (via
> > sftp) the pages to each user's home area on the server.
> >
> > I have this working, using winbind, pam_skel and apache set with Home
> > dirs on, all on a SuSE 8.2 box.
> >
> > What I want to add now is mysql & php support. The idea being that we
> > can give them a sample php script (say a questionnaire script for data
> > handling), which their class mates can complete, and then the results
> > can be read out of mysql probably via phpmyadm.
> >
> > However, I read that there are security problems with php if multiple
> > users run scripts on the webserver, which run as the web server user.
> >
> > How do others cope with this problem?
> >
> > Any suggestions greatly received!
> >
> > Rob Keeling
> >
> > --
> >
> > I love deadlines. I love the whooshing noise they make as they go by.
> >
>
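
The answer to the question above, as an added example that is not part of the original thread: PHP safe mode compares the owner of the script file (fred) with the owner of the file being opened, not the uid Apache runs as (wwwrun). This Python sketch is a simplified model of that comparison and of the `safe_mode_gid` relaxation; the user jane, the paths and the numeric ids are constructed.

```python
from collections import namedtuple

Owner = namedtuple("Owner", "uid gid")

# Constructed sample data: fred, wwwrun and nogroup come from the thread;
# jane, the paths and every numeric id are made up for illustration.
FRED, JANE, WWWRUN, NOGROUP = 1001, 1002, 30, 65534
FILES = {
    "/home/fred/public_html/survey.php": Owner(FRED, NOGROUP),
    "/home/fred/public_html/notes.txt": Owner(FRED, NOGROUP),
    # Written at run time by survey.php, so it belongs to the server user.
    "/home/fred/public_html/answers.csv": Owner(WWWRUN, NOGROUP),
    "/home/jane/public_html/notes.txt": Owner(JANE, NOGROUP),
}


def safe_mode_allows(script, target, files=FILES, safe_mode_gid=False):
    """Model of the safe mode check for `script` opening `target`.

    The owner of the script file is compared with the owner of the target.
    The uid the web server process runs as is never consulted.
    """
    s, t = files[script], files[target]
    if s.uid == t.uid:
        return True
    # safe_mode_gid relaxes the test to a group comparison.
    return safe_mode_gid and s.gid == t.gid


def reachable(script, files=FILES, safe_mode_gid=False):
    """Every other file the script would be allowed to open."""
    return sorted(p for p in files if p != script
                  and safe_mode_allows(script, p, files, safe_mode_gid))


if __name__ == "__main__":
    survey = "/home/fred/public_html/survey.php"
    print("uid check only:", reachable(survey))
    print("safe_mode_gid on:", reachable(survey, safe_mode_gid=True))
```

With the uid-only check fred's script cannot open jane's files, but it also cannot reopen answers.csv, which the server user created. Turning on `safe_mode_gid` where every account shares nogroup removes the separation between students.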

