Allow ONLY ME to use exec() and system()

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

yabado
Forum Newbie
Posts: 2
Joined: Tue Jan 16, 2007 8:42 am

Allow ONLY ME to use exec() and system()

Post by yabado »

I run a shared server with hundreds of clients.

I would like to be able to do system level stuff, but not allow anyone else to.

I have all the disable_functions set, but want to allow just myself access to use them.

Is there a way I can accomplish this?

Thanks.
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews

Post by aaronhall »

I'm not an expert on the topic, but I would try setting the permissions per user at the operating system level.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You should be able to remove the disable_functions settings via php_admin_value directives in the httpd.conf for your particular directory.

edit: oops, never mind, it's a php.ini only directive.

There's the option of using a different php.ini for your directories however.
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Post by Kieran Huggins »

I'm thinking it would be a UNIX permissions issue - you might need to run your own instance of Apache or PHP with the guid bit set.
yabado
Forum Newbie
Posts: 2
Joined: Tue Jan 16, 2007 8:42 am

Post by yabado »

feyd wrote:
"There's the option of using a different php.ini for your directories however."

Really? How do you use different php.ini files in a single instance of PHP?


All the mentions of UNIX permissions are not relevant. Changing permissions has no effect on how PHP performs. Thanks anyway.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You cannot change ini files for a single instance of PHP. The file is only read once.

CGI versions are the way to go if you don't want to have multiple instances of Apache running.
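
If each account runs CGI PHP with its own php.ini, as suggested above, the admin's exemption is only safe while every other ini still disables the command-execution functions. The following audit script is an added example, not part of the thread; the required function list, the one-php.ini-per-account directory layout and the names `missing_disables` and `audit_tree` are assumptions.

```shell
#!/bin/sh
# Added example: audit per-account php.ini files for command-execution
# functions that are missing from disable_functions.

# Assumed policy: every non-admin ini must disable all of these.
REQUIRED="exec system passthru shell_exec popen proc_open"

# Print the REQUIRED functions that the given ini file does NOT disable.
missing_disables() {
    file=$1
    # Use the last uncommented disable_functions setting in the file
    # (assumed to be the effective one); drop trailing ';' comments and quotes.
    disabled=$(sed -n -e '/^[[:space:]]*disable_functions[[:space:]]*=/{s/^[^=]*=//;s/;.*//;p;}' "$file" \
        | tail -n 1 | tr -d '"\r' | tr ',' ' ')
    out=""
    for fn in $REQUIRED; do
        found=no
        for d in $disabled; do
            if [ "$d" = "$fn" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then out="$out $fn"; fi
    done
    echo "${out# }"
}

# Report every php.ini under ROOT, except the admin's own, that is too permissive.
# Assumes paths contain no whitespace.
audit_tree() {
    root=$1
    admin_ini=$2
    for ini in $(find "$root" -name php.ini); do
        if [ "$ini" = "$admin_ini" ]; then continue; fi
        miss=$(missing_disables "$ini")
        if [ -n "$miss" ]; then echo "WEAK $ini: not disabled: $miss"; fi
    done
}

# Constructed sample layout: one ini per CGI account in a temp directory.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/admin" "$demo_root/client1" "$demo_root/client2"
printf 'disable_functions =\n' > "$demo_root/admin/php.ini"
printf 'disable_functions = exec,system,passthru,shell_exec,popen,proc_open\n' > "$demo_root/client1/php.ini"
printf '; disable_functions = exec\ndisable_functions = "exec, system" ; partial\n' > "$demo_root/client2/php.ini"
audit_tree "$demo_root" "$demo_root/admin/php.ini"
rm -rf "$demo_root"
```

On the constructed layout only client2 is reported, because its ini disables exec and system but leaves the other four functions available.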