Jump to content

Archived

This topic is now archived and is closed to further replies.

wyrd33

Writing to files, security, and chmod 777.

Recommended Posts

Okay, I have a script that creates files and writes to them in a specific folder. However, I have to chmod 777 the folder for it to work. This is insecure, obviously. The reason for this, using system("whoami"), returns "nobody". Thus, the script isn't executing under my username, it's executing from the web, which is nobody. I guess this is obvious and typical.

What I'm looking for is a way to run the script as myself, so I do not have to insecurely chmod 777 the directory. I would like to keep it 755 and have a secure, safe web site (well, as safe as I can make it, anyway).

How can I accomplish this? Will executing the script with a cronjob work? If I run system("whoami") from a cronjob will it show up as my username rather than "nobody"?

I can't think of any other ways to get around this. I really, really don't want to chmod 777 a directory.

Share this post


Link to post
Share on other sites
Using the chmod() function in PHP means that the server itself is changing the permissions of the directory; PHP is parsed by the server, this is the most secure method than you can choose, in my opinion.

Share this post


Link to post
Share on other sites
I think you misread my post. I'm not talking about chmod() the PHP command.

Share this post


Link to post
Share on other sites
i believe anyone who accesses this via the web is using a general user account created by the admin. anything that is created by the web user inherits the permissions. correct me if im wrong.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.