Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Moderator: General Moderators
yabado
Forum Newbie
Posts: 2 Joined: Tue Jan 16, 2007 8:42 am
by yabado » Tue Jan 16, 2007 9:05 am
I run a shared server with hundreds of clients.
I would like to be able to do system level stuff, but not allow anyone else to.
I have all the disable_functions set, but want to allow just myself access to use them.
Is there a way I can accomplish this?
Thanks.
aaronhall
DevNet Resident
Posts: 1040 Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
by aaronhall » Tue Jan 16, 2007 1:12 pm
I'm not an expert on the topic, but I would try setting the permissions per user at the operating system level.
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
by feyd » Tue Jan 16, 2007 3:03 pm
You should be able to remove the disable_functions settings via php_admin_value directives in the httpd.conf for your particular directory.
edit: oops, never mind, it's a php.ini only directive.
There's the option of using a different php.ini for your directories however.
Kieran Huggins
DevNet Master
Posts: 3635 Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
by Kieran Huggins » Tue Jan 16, 2007 4:15 pm
I'm thinking it would be a UNIX permissions issue - you might need to run your own instance of apache or php with the guid bit set.
yabado
Forum Newbie
Posts: 2 Joined: Tue Jan 16, 2007 8:42 am
by yabado » Wed Jan 17, 2007 6:48 am
feyd wrote:
There's the option of using a different php.ini for your directories however.
Really? How do you use different php.ini files in a single instance of PHP?
All the mentions of UNIX permissions are not relevant. Changing permissions has no effect on how PHP performs. Thanks anyway.
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
by feyd » Wed Jan 17, 2007 8:29 am
You cannot change ini files for a single instance of PHP. The file is only read once.
CGI versions are the way to go if you don't want to have multiple instances of Apache running.
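Running a separate CGI instance as suggested above leaves the server with two php.ini files: one for the tenants and one for the operator. The following is an added example, not code from the thread: a shell check that lists which functions the operator's ini re-enables compared with the shared one, so that the difference stays deliberate. The file names, the ini contents and the function names `disabled_list` and `reenabled_functions` are constructed for the illustration.

```shell
#!/bin/sh
# Added example: compare disable_functions between a shared php.ini and an
# operator-only php.ini. All paths and ini contents below are constructed.
LC_ALL=C; export LC_ALL

# Print the disable_functions entries of one ini file, one per line, sorted.
# Assumption: if the key is assigned more than once, the last assignment is used.
disabled_list() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 |
        sed 's/;.*//' |                      # drop a trailing ini comment
        tr -d '"' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -v '^$' | sort -u
}

# Print, comma separated, the functions that are disabled in the shared ini ($1)
# but callable under the operator ini ($2).
reenabled_functions() {
    shared_tmp=$(mktemp)
    admin_tmp=$(mktemp)
    disabled_list "$1" > "$shared_tmp"
    disabled_list "$2" > "$admin_tmp"
    comm -23 "$shared_tmp" "$admin_tmp" | paste -sd, -
    rm -f "$shared_tmp" "$admin_tmp"
}

# Constructed sample input.
demo_dir=$(mktemp -d)
cat > "$demo_dir/shared.ini" <<'EOF'
; constructed sample: ini read by the tenants' PHP
;disable_functions = this commented line is ignored
disable_functions = exec, system, passthru, shell_exec, proc_open, popen
EOF
cat > "$demo_dir/admin.ini" <<'EOF'
; constructed sample: ini read only by the operator's CGI instance
disable_functions = "passthru, popen" ; still blocked for the operator
EOF

echo "Re-enabled under admin.ini: $(reenabled_functions "$demo_dir/shared.ini" "$demo_dir/admin.ini")"
```

Run against the real pair of files after each change, the output is the full list of functions that only the operator's instance can call.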