PHP Module User Config

xgoat

Does anyone know how to set the use that PHP runs as, when it is configured to run as an apache module? I know how to do it for when it is a CGI, but I dont for the module.

Robert

dalecosp

Originally posted by xgoat
Does anyone know how to set the use that PHP runs as, when it is configured to run as an apache module? I know how to do it for when it is a CGI, but I dont for the module.

Robert

Yeah, but....

Do you own the server? The apache module runs as whomever apache runs as, so often this user is 'www' or 'nobody' or 'httpd'... you have to change the user that Apache runs as.....

dalecosp

xgoat

The server's running virtualhosts - and I need to stop each user from accessing each other's files.

dalecosp

Originally posted by xgoat
The server's running virtualhosts - and I need to stop each user from accessing each other's files.

Hmmmm, that is something to be concerned about.

So, the guy in /home/fred can just tell PHP to do "fread "../bob/bobsecretfile" ?

Have you tried setting

php_value open_basedir=/home/fred

in each <VirtualHost> container of the httpd.conf file?

dalecosp

xgoat

I've sorted it - it just needed php to be put into "safe mode", which only allows the php script to access files that belong to the same user as the php script - so problem solved!