PHP Access Question

pgosse

Hi there. Really hoping someone can shed some light on this situation.

I'm in charge of the website at a university and my sysadmin is currently setting up a test machine with the new Oracle internet application server. With this he can easily run php, but the problem is there are a number of other users on the server who maintain small portions of the site and who shouldn't have the ability to use php.

He's quite busy so I'm doing a bit of legwork looking for a solution to our problem.

Is there a way to limit who can upload php files to the server? Could something perhaps be set up with the different groups on the server, and with the users within those groups, to allow only users within my group to upload php files?

Basically I'm looking to be able to use php myself, but limit all other users to html only.

Is this possible?

Thanks,
Pablo

Anon

here's one way to do it. There might be a better way, but im not sure.

edit the php.ini file, and set auto_prepend_file to a php file, which looks like this:

At least it's an idea. It might be airtight, but it should get you started. Good luck, and let me know if you use it

<?
$php_uallowed = array("Pablo", "Admin"); //which users' php files can be run?
$php_gallowed = array("phpgroup", "Admin"); //which groups' php files can be run?

$file_owner = posix_getpwuid(fileowner($HTTP_SERVER_VARS["PATH_TRANSLATED"]));
$file_group = posix_getgrgid(filegroup($HTTP_SERVER_VARS["PATH_TRANSLATED"]));
//get the owner and group of the file being run

if (!((in_array($file_owner, $php_uallowed))||(in_array($file_group, $php_gallowed))))
die("<B>Fatal Error:</B> This user does not allowed to run php files.");

pgosse

Thanks for the tip, Ellery. I came up with part of this solution last night, the only thing I was missing was how to get that chunk of code that would identify the user/group info into each file that was called.

Thanks for the tip!!!!!!!

Pablo