Hello all,

I have apache2 and php4, running php as mod_php on a linux box (standard lamp).

What I want to do is setup a script that will update the change log in the header of my *.php files when prompted to from a frontend. the problem I'm running into is that all my php files are chmod 654 and the grp/owner is nobody, disallowing fopen access from within my scripts. This is how they get created.

If I chmod to allow the world to write, the update script can successfully edit the target file. I'm wondering if this is a security risk, or will open up any holes for possible exploitation? Or is there another way to go about this? I was thinking I might be able to use shell_exec to temporiarily mod the file so apache can edit it, then mod it back to it's original setting. I'm not sure if that's possible though, I'm not even sure if my fears are justified or if I'm just being overly paranoid.

Any guidance would be much appreciated.