By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,729 Members | 1,340 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,729 IT Pros & Developers. It's quick & easy.

Apache/PHP different uid, gid?

P: n/a


As my little attempt at security, i have an apache server running under
a "web" group... That way, any php/html/directories i don't want any
one to see on the server, but that i would like to publish on the web
can just be given permissions of 770 or 660. Also, any one authorized
to change the scripts/html can also be in the "web" group. Is this a
good idea?

However.. One thing i noticed is that when i have scripts in 2
different directories say /projects/abc/dir1 and /projects/abc/dir2, and
one has to include another, PHP does not have permission to get in the
other directory unless i make it 776 (giving people not in the group
access to the directory).

When the directory is 770, i get a "failed to open stream: Permission"
error from PHP. I would think that since Apache runs under a certain
uid and gid which has access to the direcory, then php would run under
the same uid and gid, and therefore have access to the directory.
What's the problem? How do I fix it?

-d

Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
It should run as the same UID if it's running as a module... are you running
the module, or the CGI version? If you're running the CGI version, try
chowning it and chmodding it to set the "set user ID" and "set group ID"
properties.

Doug wrote:
As my little attempt at security, i have an apache server running
under a "web" group... That way, any php/html/directories i don't
want any one to see on the server, but that i would like to publish
on the web can just be given permissions of 770 or 660. Also, any
one authorized to change the scripts/html can also be in the "web"
group. Is this a good idea?

However.. One thing i noticed is that when i have scripts in 2
different directories say /projects/abc/dir1 and /projects/abc/dir2,
and one has to include another, PHP does not have permission to get
in the other directory unless i make it 776 (giving people not in the
group access to the directory).

When the directory is 770, i get a "failed to open stream: Permission"
error from PHP. I would think that since Apache runs under a certain
uid and gid which has access to the direcory, then php would run under
the same uid and gid, and therefore have access to the directory.
What's the problem? How do I fix it?

-d

Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.