[fedora] Apache and PHP
Øyvind Lode
o-lode at online.no
Tue Aug 31 18:23:42 UTC 2004
Hello there!
I have a Fedora 1 box running Apache 2.0.50.
I have installed it using Fedora RPMs.
A friend of mine has his homepage on my server and he have a PHP guestbook.
The PHP file is called guestbook.php and when users submit something in his
guestbook the php script writes that to a file called guestbook.txt.
This work just fine but he is worried by the permissions on the file.
The guestbook.txt file have the following permissions:
-rwxr-xrw-
Owner is the username of my friend and the groupowner is also my friend.
He have heard someplace that having such a file world writeable is a
security risk.
He tells me that the file should not be writeable for everyone but it has to
be or the php script fails I tell him...
But he insists that it's possible to use this php script and write to the
txt file without having all other users write permission.
He says that it's a way of just giving the script permission to write to the
txt file and that's a good idea because now everyone can do whatever thety
want to the txt file...
The only problem is that he doesn't remember how this was done and don't
know either...
How is this done by the Pro's?
Øyvind
More information about the fedora-list
mailing list