PHP security (configuration).

Anon

Beforehand I'm sorry for my english, I use an electronic translator.
I hope, you will answer my question. Because till now nobody could answer me my question. 🙂 I have installed PHP as DSO module for Apache (on my FreeBSD box). Apache server is worked under "nobody" username. It's necessary to customize the virtual server so that PHP-scripts were fulfilled from the owner of the file. In Apache server is certain suexec, but in my
case it will not work, because I have a module (not binary php). Please don't advise me to reinstall PHP as binary 🙂

How to solve this problem? 🙁

My piece from httpd.conf:
<Directory "/usr/null/shop/htdocs">
AllowOverride AuthConfig
php_admin_value doc_root /usr/null/shop
php_admin_value open_basedir /usr/null/shop
php_admin_value error_log /usr/null/shop/logs/phperror.log

1 Mb memory limit

php_admin_value memory_limit 1048576

Last error will be in $php_errormsg

php_admin_value track_errors on
php_admin_value safe_mode on
</Directory>

php4hosting

You can't make a module and suEXEC work, only the CGI version works with suEXEC

PHP as a module will only run as the apache user

Regards
Darren
http://www.php4hosting.com

Anon

I.e. if I shall write a script on creation of the file and I shall fulfil it on http, it will create the file which owner will be the user nobody. What to do, if I want to secure the scripts against other users? 🙁

Anon

With everything I've been reading so far on this topic and my experience with our server at work, Apache controls the module access, so if Apache is running as nobody, then the module is running as nobody.

The only way I can conceive of splitting up separate permissions for php is to install it as binary. It's really not all that difficult. It's just that mod_php is just so much easier to install.

Randy Stevenson