That's correct because php runs as nobody unless phpsuexec is installed and 755 means only the owner "you" can write to those folders. Chmod the folder to 777 and it will work!XaHyMaH said:
Yes, but if you need php to write to it then you have no choice though your host should have protection in place to prevent other users on the server from accessing those folders via php such as php open base directory protection. The only way those folder can be written to otherwise is if someone finds/uploads an exploit to your server so you should practice good web security.XaHyMaH said:
Not unless php is run under phpsuexec! Basically, you own the file but php is a different user to you, the user "nobody". If php was you then every user on the server would require their own copy of php! If php open base directory protection is in place then you have nothing to worry about and anyway, why are you so paranoid :DXaHyMaH said:My logic is almost BSOD'ed
How's that - scripts are mine. The guy who uploaded them is me. But their rights like not mine.
Is there any solutions other than chmod 777
CPSCRIPTS
phpsuexec can cause some problems but it normaly works good theres also suphp which is supposed to be good
cpscripts said:
What exactly does it mean that everyone to the web can write to the folder? Anyone visiting a website with a file writable to anyone can just enter a url and write to it? This always confused me. That writable file by itself is not a security hole, there has to be another hole first, correct?
"Everyone on the web can write to that folder"
bull**** is all i have to say. 'everyone' on the server could however if its a cpanel server that is gonna be impossible due to restrictions. Chmod 777 basically means users such as apache, php etc can write to.
Quit worrying! Unless as dwh2 said there is a security hole in a file there are no other known security holes for this.
bull**** is all i have to say. 'everyone' on the server could however if its a cpanel server that is gonna be impossible due to restrictions. Chmod 777 basically means users such as apache, php etc can write to.
Quit worrying! Unless as dwh2 said there is a security hole in a file there are no other known security holes for this.
I prefer suPHP over PHPSuExec. Of course, I never really played with PHPSuExec that much, but I couldn't figure out how to enable it and disable it for certain accounts. This is something you can do with suPHP.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| A | Prevent PHP Scripts from being executed | Security | 1 | |
|
need help preventing malicious spam .php scripts | Security | 11 | |
| A | Disable cgi scripts even using fcgi as php handler. | Security | 1 | |
| B | see which php scripts are sending mail | Security | 8 | |
|
suPHP protects against massa defacement? perl scripts | Security | 13 |