PHP scripts are unable to create files...

That's correct because php runs as nobody unless phpsuexec is installed and 755 means only the owner "you" can write to those folders. Chmod the folder to 777 and it will work!

 

Yes, but if you need php to write to it then you have no choice though your host should have protection in place to prevent other users on the server from accessing those folders via php such as php open base directory protection. The only way those folder can be written to otherwise is if someone finds/uploads an exploit to your server so you should practice good web security.

 

Not unless php is run under phpsuexec! Basically, you own the file but php is a different user to you, the user "nobody". If php was you then every user on the server would require their own copy of php! If php open base directory protection is in place then you have nothing to worry about and anyway, why are you so paranoid :D


CPSCRIPTS

 

phpsuexec can cause some problems but it normaly works good theres also suphp which is supposed to be good

 

Hi,

PHPSUEXEC is a module for Apache which can be used to run PHP as a CGI under
the User of the web site owner. If it is not set up completely, it will
require that the #! be included at the front of the php code in order to
invoke PHP as the CGI.

 

Bah to shebang lines is all I can say

 

What exactly does it mean that everyone to the web can write to the folder? Anyone visiting a website with a file writable to anyone can just enter a url and write to it? This always confused me. That writable file by itself is not a security hole, there has to be another hole first, correct?

 

"Everyone on the web can write to that folder"
bullshit is all i have to say. 'everyone' on the server could however if its a cpanel server that is gonna be impossible due to restrictions. Chmod 777 basically means users such as apache, php etc can write to.

Quit worrying! Unless as dwh2 said there is a security hole in a file there are no other known security holes for this.

 

I prefer suPHP over PHPSuExec. Of course, I never really played with PHPSuExec that much, but I couldn't figure out how to enable it and disable it for certain accounts. This is something you can do with suPHP.