
Limit php to one user?

As a security measure, I'd like .php files to only execute on my web
site if they're owned by a certain user. (Linux server). Can I do
that?
Jul 17 '05 #1


mrbog wrote:
> As a security measure, I'd like .php files to only execute on my web
> site if they're owned by a certain user. (Linux server). Can I do
> that?


You can with Apache and virtualhosts. I don't know about IIS or others.

Instead of having
AddType application/x-httpd-php .php
in a global scope you just put it into the appropriate virtual hosts.

Note however that if you allow .htaccess files they can put this into
an .htaccess file and can then use PHP. If you don't allow .htaccess files
then this isn't a problem.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #2

I do mean apache, but I meant only one user on the server. As in a
unix user, like a shell account.

So, if the php file is owned by user joe, then it will execute on the
site, if not, then it won't. This way, if someone manages to upload a
php file to my site, it won't execute because it will be owned by the
"nobody" user.
Chris Hope <bl*******@electrictoolbox.com> wrote in message news:<10**************@216.128.74.129>...
> mrbog wrote:
>> As a security measure, I'd like .php files to only execute on my web
>> site if they're owned by a certain user. (Linux server). Can I do
>> that?
>
> You can with Apache and virtualhosts. I don't know about IIS or others.
> Instead of having
> AddType application/x-httpd-php .php
> in a global scope you just put it into the appropriate virtual hosts.
> Note however that if you allow .htaccess files they can put this into
> an .htaccess file and can then use PHP. If you don't allow .htaccess files
> then this isn't a problem.

Jul 17 '05 #3
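
Added example, not part of any post in this thread: a report-only shell check for the two conditions discussed above, `.php` files under a document root that are not owned by the expected Unix user, and `.htaccess` files that turn PHP on with an `AddType` line. The function names and command-line form are assumptions of this example, matching `AddHandler` and `SetHandler` as well goes beyond what the thread mentions, and the script does not change what Apache executes.

```shell
#!/bin/sh
# Added example: report-only audit for a PHP document root.
# Function names and the command-line form are assumptions of this example.

# Print every .php file under DOCROOT ($1) that is NOT owned by USER ($2).
# USER may be a login name or a numeric uid.
php_not_owned_by() {
    find "$1" -type f -name '*.php' ! -user "$2" -print
}

# Print every .htaccess file under DOCROOT ($1) containing a directive that
# maps something to PHP (AddType as quoted in the thread; AddHandler and
# SetHandler are included as a generalization).
htaccess_enabling_php() {
    find "$1" -type f -name '.htaccess' -exec \
        grep -q -i -E '^[[:space:]]*(AddType|AddHandler|SetHandler)[[:space:]].*php' {} \; \
        -print
}

# Stand-alone use: sh audit.sh /path/to/docroot joe
if [ "$#" -eq 2 ]; then
    echo "PHP files not owned by $2:"
    php_not_owned_by "$1" "$2"
    echo ".htaccess files enabling PHP:"
    htaccess_enabling_php "$1"
fi
```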

mrbog wrote:
> I do mean apache, but I meant only one user on the server. As in a
> unix user, like a shell account.
>
> So, if the php file is owned by user joe, then it will execute on the
> site, if not, then it won't. This way, if someone manages to upload a
> php file to my site, it won't execute because it will be owned by the
> "nobody" user.
> Chris Hope <bl*******@electrictoolbox.com> wrote in message news:<10**************@216.128.74.129>...
>> mrbog wrote:
>>> As a security measure, I'd like .php files to only execute on my web
>>> site if they're owned by a certain user. (Linux server). Can I do
>>> that?
>>
>> You can with Apache and virtualhosts. I don't know about IIS or others.
>> Instead of having
>> AddType application/x-httpd-php .php
>> in a global scope you just put it into the appropriate virtual hosts.
>> Note however that if you allow .htaccess files they can put this into
>> an .htaccess file and can then use PHP. If you don't allow .htaccess files
>> then this isn't a problem.

I can do this with PHP on OpenVMS. I can set an ACL that only allows
the user that runs the web server to have access to it..., I don't use
any file-upload scripts either, but then again, I don't worry about
someone hacking my system cuz it can't be done... many have tried and
failed. This is what you get when you use a "real" operating system,
not the Swiss-cheese-for-security variety (*n*x, W{any version}).

Michael Austin.

Jul 17 '05 #4
