php running as nobody

[jpeacock]

Hi everyone,
I have a client who's not able to use php to write to the filesystem (sorta). I have php4 as an apache mod and php5 running as cgi. They're using the php4 module. What happens is that they're able to create the folders and such with php, but they're owned by the user nobody, and not their username, thus causing them to not be able to do anything with the newly created folder. any ideas on what's happening?

 

[Rafaelfpviana]

hello hello,

I see that you are new here.

Nobody is the default user for cpanel's apache server, if you wish to change that, recompile php and Apache with phpsuexec, that will run every php script as the user instead of the user nobody.

 

[jpeacock]

thanks, i'll give it a shot. "wow" at the very quick reply

 

[Rafaelfpviana]

Just remember one thing, runing php as the user is sometimes very bad, for exemple.

Let's say you have a exploitable php script on your web site, like an old version of phpbb, since you php scripts for that domain is runing as bob (exemple) the attacker can erase/replace/rename any arquives that belong to bob, even index.php

I've seen many websites getting defaced because of this, so be carefull.

:D