shared hosting &amp; permissions

shared hosting & permissions

Anon

hi,

i decided to finally ask this one:

let's say i go for a shared hosting. okay, they create user "myname" for me. files in my directory get this kind of permissions:

-rwx-rwx-r--- myname.mynamegrp

now i would like to create a directory from PHP script. because apache runs "nobody" user, i need to change permission on my root directory to give other users [apache user] the option to WRITE on my directory structure. when i do that all other users on the same box will be able to read my PHP files.

my question is: when you are on shared machine, how do you configure permissions so you will be able to:

1) create files & directories
2) other users will be unable to read your PHP files

whatever i do... if apache will be able to read/delete my files, that means all other scripts on the same machine can do that too. theoretically i could delete everyone's files that way?

Matjaz

[deleted]

You don't have to give world permissions on your root dir, just make a subdir that is rw for the apache user.

And indeed, this is a big security risk.

That is why shared servers should have a seperate apache server for each client, that run under seperate userids.

Anon

yeah i thought so. thanks vincent! i wonder if those guys are aware of that... so far every shared server i've seen is using same user for apache process what makes other people be able to download my code. do you know some shared hosting which would offer me my own apache process?

[deleted]

Nope, sorry.