PHP and shell scripts
I have some PHP scripts which allow uploading of files and storing of those files inside the docroot somewhere. I cannot store the files outside of docroot!!!
PHP is also running as user: apache.

For the reasons above I have been trying to figure out a secure alternative using shell scripts. My plan is to create several shell scripts:

- movefile.sh
- deletefiles.sh
- createfolders.sh

The idea is to hopefully have PHP invoke each of these shell scripts programmatically as the need arises. After PHP uploads a file from the browser it needs to move it to a directory inside the docroot, something like: var/www/uploads/

I figured I could store files inside uploads with the permission 755. The problem is PHP is user: apache and if it's responsible for creating the directories/files that means they are not secure from tampering from the outside world - I think anyways. :)

So what I was thinking: If it's possible to create the above shell scripts and have them run as a different user than "apache" (or whatever it's run as) such as a "shell". So long as the shell scripts are the owners of the files/folders then writing to them any other way with permission 755 is impossible (especially from the outside world).

My question becomes, is there a way I can make a shell script run under a specified user when invoked from PHP or does the shell script inherit PHP's attributes, thus becoming user: "apache". I've poked around Google and found a few articles and it seems possible by setting the script SETUID flag???

Now you're familiar with my situation, what can you recommend? Is this possible? I am aware it's possible to run PHP as its own user (phpsuexec or CGI) but because most LAMP setups have PHP run as an Apache module I'd rather the shell script approach if possible.

Cheers :)
I'm not sure if this is an acceptable alternative:
http://www-uxsup.csx.cam.ac.uk/~jw35...html/x2502.htm

It basically entails using Apache to stop HTTP access to certain file types; hence, once uploaded they are no longer accessible.
Code:
$ sudo -u user script.sh
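
A hardened sketch of the movefile.sh idea from the first post, written to be invoked with the `sudo -u` form shown in the last reply (Linux ignores the setuid bit on shell scripts, so sudo is the workable route). This is an added example, not code from the thread. The account name `uploadowner`, the script path, the sudoers rule and the choice to pass the file data on standard input instead of a source path are assumptions.

```shell
#!/bin/sh
# Added example: movefile.sh, meant to be run by the web server user through
#   sudo -u uploadowner /usr/local/bin/movefile.sh <target-name> < <php-tmp-file>
# Assumed sudoers rule (edit with visudo) that allows apache this one command:
#   apache ALL=(uploadowner) NOPASSWD: /usr/local/bin/movefile.sh
# "uploadowner" and the script path are assumptions, not taken from the thread.
LC_ALL=C; export LC_ALL
UPLOAD_DIR=/var/www/uploads

# Accept only a bare file name: no slashes, no leading dot (blocks ".." and
# ".htaccess"), nothing outside [A-Za-z0-9._-].
valid_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# store_upload NAME DEST_DIR   (file data arrives on stdin)
# Taking data on stdin means the script never opens a caller-supplied source
# path, and the stored file is created by, and owned by, the sudo target user.
store_upload() {
    name=$1 dest=$2
    valid_name "$name" || { echo "rejected name" >&2; return 2; }
    # The upload directory must exist and must not itself be a symlink.
    if [ ! -d "$dest" ] || [ -L "$dest" ]; then
        echo "bad upload directory" >&2; return 3
    fi
    # noclobber (set -C) makes ">" fail if the target already exists, so an
    # earlier upload is never overwritten; umask 022 yields mode 644.
    ( set -C; umask 022; cat > "$dest/$name" ) 2>/dev/null ||
        { echo "target exists or is not writable" >&2; return 4; }
}

# Run only when arguments are given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    store_upload "$1" "$UPLOAD_DIR"
fi
```

From PHP, the upload's temporary file would be opened and handed to the script as its standard input, for example with `proc_open`, so only the target name crosses the privilege boundary as an argument.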