eFishy

Ok from what I am reading suPHP looks at who owns a file (for example "tom" owns the file) and then runs the file using the permissions inherited by that user. But say I have a single file "move.php" this will run this shell command "cp /file/source /file/destination" For protection I want to lock different users out of directories they do not own. So when run by user1 who wants to move /home/user1/old.txt to /home/user1/new.txt I want it to run using the permissions of "user1" which would be allowed. Yet when the same PHP file is run by user2 I want it to run using the user2 permissions... So if the user1 tried to move /home/user2/creditcard to /home/user1/ they wouldn't be allowed as they are running under user1 permissions...

Cool, that will make things a lot easier! Now just to learn the syntax, do you know of any suPHP tutorials? or examples? doesn't seem to be many and their own documentation only appears to cover the installation and configuration of the module and not so much the use of it.

Yes but with it wouldn't everything be run as a single pre defined in the config sudo user with appropriate rights? Or can you dynamically change the user that suPHP sets within the PHP script at run time? if so any examples?

Might be able to get something like this to do the job. http://www.debian-administration.org/article/Running_PHP_scripts_as_specific_users_with_suphp

Basically that was the problem, suPHP uses the same user for all actions. Say I have two users /home/user1/ and /home/user2/ I wanted it so that when user1 does a command even if they got to inject something into the shell commands such as "rm -rf" it would still only effect their own directory /home/user1/. Giving php sudo access to the entire home directory would allow them to run it in any users directory's like /home/user2/ Basically I wanted to keep the built in Linux layer of security plus my other security methods. But if suPHP under a single sudo'ed user is the only option suppose I will have to do that...

Hi everyone, I am currently writing a script that I want to be able to run shell commands as a specified and constantly changing user on the system, also I don't want to use root. Basically when a user registers for an account the script creates an account for them on the local Linux system (matching the user they gave for the mySQL login), they are then given a /home/$username/ directory, obviously this is owned by the user "username" and the rest of the script will allow them to modify files and folders within this directory (much like the way cPanel works I suppose). To allow my PHP script to edit the directory I could just allow my PHP root access to the system... Overriding the Linux security... but I would rather use some kind of suPHP to define run this command as this "$username therefore adding more secuirty so if a injection attack was possible through the user inputs they would still only be allowed access to their local system resources... not things like shadow files and other user files. Hope that makes sence, look forward to any other ideas you may have as well. Thanks, Tom

Hi, I have a load of perl scripts that I have been running from PHP. And they all work fine other than this one. The perl script output's to a text file, now when run in SSH everything works fine, I assume this is because I have admin rights. But when in PHP it just dies at the point where it open's/writes/creates the text file. How do I pass the perl script the correct rights from the php code? I have chmod to 777... 775... I have also chown to every user I can thing of. No Joy. Thanks, eFishy