I'm about to write a PHP script which needs to work on all PHP configurations whilst maintaining a high level of security.
I need a script (lets call it "script.php") to create a directory (called "folder/") which it can then write text files into. Both the directory and any written files need to be secure (i.e. no 777 permissions here).
The problem I'm having is that (and please correct me if I'm wrong) if safe-mode is enabled and scripts are running as nobody then when script.php creates "folder/", this directory will be owned by nobody. Because script.php is owned by my username, safe-mode won't allow it to write into "folder/" (because "folder/" is owned by nobody). Safe-mode requires scripts and any directories they write into to both be owned by the same person.
I thought about making script.php FTP in and create the directory that way so that it'll be owned by my username, but then if scripts are running as nobody it won't have permission (under safe-mode) to write into the directory (because it's owned by my username).
What is the best solution to this? How do I create a folder and write to it under safe-mode with scripts running as nobody and still maintain a high level of security?
Any help is much appreciated.
Permissions question
Moderator: General Moderators
I don't believe that your scripts can run as "nobody". They either run as you, or as the Apache process. If you temporarily chmod a directory to 777, and have the web program create a sub-directory and change its rights to 744 (all through the script) you should end up with a directory that only the web process can write to.
solutions?
When I have a folder that needs 777 permissions I stick in one directory above the web directory.