I am trying to set up a small internal web server for student use. The idea is that the subjects who create web pages can then upload (via sftp) the pages to each user's home area on the server.

I have this working, using winbind, pam_skel and apache set with Home dirs on, all on a SuSE 8.2 box.

What I want to add now is mysql & php support. The idea being that we can give them a sample php script (say a questionnaire script for data handling), which their classmates can complete, and then the results can be read out of mysql probably via phpmyadm.

However, I read that there are security problems with php if multiple users run scripts on the webserver, which run as the web server user.

How do others cope with this problem?

Any suggestions greatly received!

Rob Keeling
--
I love deadlines. I love the whooshing noise they make as they go by.

I forgot to send this to the list previously, so resending it now.

If you enable php safe mode (http://www.php.net/features.safe-mode) then scripts can only access files etc. that are owned by the same UID as the owner of the script itself, therefore they can't see/change anything they haven't created.

E.g. if the user fred owns a script, and apache runs as apache - then the script will only be able to access files owned by fred, or any files in a directory owned by fred, therefore the script won't be able to access stuff it shouldn't be able to, even if apache can access it.

Hope this helps,

Alex Brett
alex.brett@brettcomputers.co.uk

On 17 Jan 2004 at 19:12, Rob Keeling wrote:

I am trying to set up a small internal web server for student use. The idea is that the subjects who create web pages can then upload (via sftp) the pages to each user's home area on the server.
I have this working, using winbind, pam_skel and apache set with Home dirs on, all on a SuSE 8.2 box.
What I want to add now is mysql & php support. The idea being that we can give them a sample php script (say a questionnaire script for data handling), which their classmates can complete, and then the results can be read out of mysql probably via phpmyadm.
However, I read that there are security problems with php if multiple users run scripts on the webserver, which run as the web server user.
How do others cope with this problem?
Any suggestions greatly received!
Rob Keeling
--
I love deadlines. I love the whooshing noise they make as they go by.
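
The ownership rule described in the reply above, as an added example that is not part of the original thread and is a model of that description rather than PHP's own code. The function name `uid_check`, the paths and the UIDs are assumptions; the ownership table is constructed to show which files a script owned by fred could reach, including files the web server user creates at run time.

```python
import os
from collections import namedtuple

def uid_check(script_path, target_path, stat=os.stat):
    """Allow access when the target file, or the directory that holds it,
    has the same owner UID as the script (the rule stated in the reply)."""
    script_uid = stat(script_path).st_uid
    try:
        if stat(target_path).st_uid == script_uid:
            return True
    except FileNotFoundError:
        pass  # target not created yet: decide on the directory owner
    parent = os.path.dirname(target_path.rstrip("/")) or "/"
    try:
        return stat(parent).st_uid == script_uid
    except FileNotFoundError:
        return False

# Constructed sample data: UIDs and paths are made up for the demonstration.
FRED, BOB, WEBSERVER = 1001, 1002, 48
OWNERS = {
    "/home/fred/public_html": FRED,
    "/home/fred/public_html/survey.php": FRED,
    "/home/fred/public_html/results.csv": WEBSERVER,    # written by the script
    "/home/fred/public_html/uploads": WEBSERVER,        # created by the script
    "/home/fred/public_html/uploads/a.txt": WEBSERVER,
    "/home/bob/public_html": BOB,
    "/home/bob/public_html/config.php": BOB,
}
Stat = namedtuple("Stat", "st_uid")

def fake_stat(path):
    """Stand-in for os.stat that answers from the constructed table."""
    if path not in OWNERS:
        raise FileNotFoundError(path)
    return Stat(OWNERS[path])

def demo():
    """Evaluate fred's script against four targets; returns {path: allowed}."""
    script = "/home/fred/public_html/survey.php"
    targets = [
        "/home/fred/public_html/results.csv",    # fred's dir, web server's file
        "/home/fred/public_html/new.txt",        # does not exist yet
        "/home/fred/public_html/uploads/a.txt",  # dir and file owned by web server
        "/home/bob/public_html/config.php",      # another student's file
    ]
    return {t: uid_check(script, t, stat=fake_stat) for t in targets}

if __name__ == "__main__":
    for path, allowed in demo().items():
        print("ALLOW" if allowed else "DENY ", path)
```

Called without the `stat` argument, `uid_check` reads real ownership through `os.stat`. PHP deprecated safe mode in 5.3.0 and removed it in 5.4.0.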