The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php running as nobody

Discussion in 'General Discussion' started by jpeacock, Oct 17, 2006.

  1. jpeacock

    jpeacock Member

    Joined:
    May 17, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hi everyone,
    I have a client who's not able to use php to write to the filesystem (sorta). I have php4 as an apache mod and php5 running as cgi. They're using the php4 module. What happens is that they're able to create the folders and such with php, but they're owned by the user nobody, and not their username, thus causing them to not be able to do anything with the newly created folder. any ideas on what's happening?
     
  2. Rafaelfpviana

    Rafaelfpviana Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brazil
    hello hello,

    I see that you are new here.

    Nobody is the default user for cpanel's apache server, if you wish to change that, recompile php and Apache with phpsuexec, that will run every php script as the user instead of the user nobody.
     
  3. jpeacock

    jpeacock Member

    Joined:
    May 17, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    thanks, i'll give it a shot. "wow" at the very quick reply :)
     
  4. Rafaelfpviana

    Rafaelfpviana Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brazil
    Just remember one thing, runing php as the user is sometimes very bad, for exemple.

    Let's say you have a exploitable php script on your web site, like an old version of phpbb, since you php scripts for that domain is runing as bob (exemple) the attacker can erase/replace/rename any arquives that belong to bob, even index.php

    I've seen many websites getting defaced because of this, so be carefull.

    :D
     
Loading...

Share This Page