haaglin Posted November 9, 2006 Share Posted November 9, 2006 Hi.I'm developing a CMS system, and i had some problem with mixed permission between me and www-data. I know why, so thats not my problem. But is there a security risk if i give all the ownership to www-data, or nobody? I would like to make an "update" feature, but i cant do that unless apache owns the files. I also use pclzip to unpack during installation, wich saves me a lot of time, but again, these files belong to apache, and if it's a security risk, then i cant do it. Link to comment https://forums.phpfreaks.com/topic/26743-php-ownership-of-files-safe-to-give-all-to-www-data/ Share on other sites More sharing options...
haaglin Posted November 9, 2006 Author Share Posted November 9, 2006 crap! I just made a script i uploaded to another webuser on the same host, and i was able to read all my config files with mysql connection details and other sensitive stuff of my web. Wihout apache owning the files, i cant use the "zip" way of installing, and i cant offer an update feature. to bad.Does anyone know a solution to this, without needing the host to do some changes? Link to comment https://forums.phpfreaks.com/topic/26743-php-ownership-of-files-safe-to-give-all-to-www-data/#findComment-122301 Share on other sites More sharing options...
haaglin Posted November 10, 2006 Author Share Posted November 10, 2006 *bump* Link to comment https://forums.phpfreaks.com/topic/26743-php-ownership-of-files-safe-to-give-all-to-www-data/#findComment-122383 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.