should PHP ever run as root?

My company is leasing a server from Interland, which is a very large
web hosting company. I assume Interland knows how to set up a BSD
server with the usual add-ons, including PHP. But when I run
phpinfo(), I get information that makes it seem like PHP is running as
root. Isn't this a security problem?

My company is leasing a server from Interland, which is a very large
web hosting company. I assume Interland knows how to set up a BSD
server with the usual add-ons, including PHP. But when I run
phpinfo(), I get information that makes it seem like PHP is running as
root. Isn't this a security problem?

This is some of the info I'm getting back from phpinfo():

Additional Modules

Environment
USER root
HOME /root
ORIG_HOME /root
LOGNAME root
TERM vt100
PATH /bin:/usr/bin
CALLER root
CALLER_HOME /root
SUPERCMD apachectl_1.3.22_2.8.5
IFS
ORIG_USER root
ORIG_LOGNAME root

PHP Variables

HTTP_SERVER_VARS["argc"] 0
HTTP_ENV_VARS["USER"] root
HTTP_ENV_VARS["HOME"] /root
HTTP_ENV_VARS["ORIG_HOME"] /root
HTTP_ENV_VARS["LOGNAME"] root
HTTP_ENV_VARS["TERM"] vt100
HTTP_ENV_VARS["PATH"] /bin:/usr/bin
HTTP_ENV_VARS["CALLER"] root
HTTP_ENV_VARS["CALLER_HOME"] /root
HTTP_ENV_VARS["SUPERCMD"] apachectl_1.3.22_2.8.5
HTTP_ENV_VARS["IFS"]

HTTP_ENV_VARS["ORIG_USER"] root
HTTP_ENV_VARS["ORIG_LOGNAME"] root

lawrence wrote:

My company is leasing a server from Interland, which is a very large
web hosting company. I assume Interland knows how to set up a BSD
server with the usual add-ons, including PHP. But when I run
phpinfo(), I get information that makes it seem like PHP is running as
root. Isn't this a security problem?

.... Welll, that looks really neat!
Just launch a script execing shutdown -h 0 and see what happens.
Houston, that is not good, I repeat not good
I'll give that a try later today.
Perhaps though this is a chrooted environment ? Not too familiar with all
its intricacies, but I guess it could be possible to make it seem like a
regular root ? But maybe I am babbling as well. I often am, they say ;-)

"Pjotr Wedersteers" <x3****@westerterp.com> wrote in message news:<41***********************@news.xs4all.nl>...

lawrence wrote:

> My company is leasing a server from Interland, which is a very large
> web hosting company. I assume Interland knows how to set up a BSD
> server with the usual add-ons, including PHP. But when I run
> phpinfo(), I get information that makes it seem like PHP is running as
> root. Isn't this a security problem?

...

Welll, that looks really neat!
Just launch a script execing shutdown -h 0 and see what happens.
Houston, that is not good, I repeat not good

I'll give that a try later today.

Perhaps though this is a chrooted environment ? Not too familiar with all
its intricacies, but I guess it could be possible to make it seem like a
regular root ? But maybe I am babbling as well. I often am, they say ;-)

What does chrooted mean?

It means the directory structure is made to appear that you're in one
place (like / ) when you're really in another ( like /usr/yourname >
and the directories like bin, etc and lib show up with only the
commands you can run.
By the way, I just had PHP create a directory and the owner of the
directory was listed as "nobody". What to conclude? Or, better, what
to test?