Re: [suse-linux-uk-schools] Web Server setup.
----- Original Message ----- From: "Alex Brett" <alex.brett@brettcomputers.co.uk> To: "Rob Keeling" <rob@rjkeeling.freeserve.co.uk> Sent: Saturday, January 17, 2004 9:11 PM Subject: Re: [suse-linux-uk-schools] Web Server setup.
If you enable php safe mode (http://www.php.net/features.safe-mode) then scripts can only access files etc that are owned by the same UID as the owner of the script itself, therefore they can't see/change anything they haven't created.
Hope this helps, Alex Brett alex.brett@brettcomputers.co.uk
Alex, does this mean php checks for the owner of the script file, or checks for the effective uid which is running the script? For example, if the script is stored on the filesystem as owner fred, group nogroup, and apache is running as wwwrun,nogroup, will php in safe mode use fred or wwwrun? If its fred, then it sorts the problem, if it`s wwwrun, then anyones script could look at anyone elses files. Does that make sense? Thanks for the help. Rob Keeling Network Manager Queen Elizabeth`s Grammar School
On 17 Jan 2004 at 19:12, Rob Keeling wrote:
I am trying to set up a small internal web server for student use. The
idea is that
the subjects who create web pages can then upload (via sftp) the pages to each users home area on the server.
I have this working, using winbind, pam_skel and apache set with Home dirs on, all on a SuSE 8.2 box.
What I want to add now is mysql & php support. The idea being that we can give them a sample php script (say a questionnaire script for data handling), which their class mates can complete, and then the results can be read out of mysql probably via phpmyadm.
However,I read that there are security problemswith php if multiple usersrun scriptson the webserver, which runas the web server user.
How doothers copewith this problem?
Any suggestions greatly received!
RobKeeling
--
I love deadlines. I love the whooshing noise they make as they go by.
participants (1)
-
Rob Keeling