LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 08-22-2008, 01:20 PM   #1
fuzzyworm
Member
 
Registered: Sep 2003
Location: Stroud, UK
Distribution: Kubuntu, Debian
Posts: 149

Rep: Reputation: 15
Is it possible to allow just one PHP script to edit a file?


I am writing a security app, part of which requires routine modifications to a list of allowed users in a config file.

I have successfully written the script to work with a sample of the config file, and I know that I could make it generally writeable by all PHP scripts by 'chmod'ing and 'chown'ing it to make it writeable by www-data etc.

The problem is, other users will potentially be able to install scripts on the same server, not immediately, but eventually. Consequently, since this file is an important part of our security system, it would be bad if it were generally writeable by any PHP script.

Is there some way to make this one script run as a different user. I would prefer not to save any sensitive info. (passwords etc.) in the source code of the file itself, but at the moment, that's the only way I can think of doing it.
 
Old 08-23-2008, 05:59 AM   #2
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 120Reputation: 120
DO you use SELinux? You could probably create a policy to achieve this
 
Old 08-23-2008, 06:16 AM   #3
AdaHacker
Member
 
Registered: Oct 2001
Location: Brockport, NY
Distribution: Kubuntu
Posts: 384

Rep: Reputation: 30
Take a look at Apache's suEXEC feature. It allows you to set up virtual hosts to execute CGI programs as different users, so you could have one account to run your administrative stuff and another for your users.
 
Old 08-23-2008, 06:32 AM   #4
vharishankar
Senior Member
 
Registered: Dec 2003
Posts: 3,142
Blog Entries: 4

Rep: Reputation: 120Reputation: 120
The easiest way is to use simple file permissions and make the file owned by a different user (or group) which only that particular program has access to. Other users/groups won't be able to access/modify it.
 
Old 08-25-2008, 06:47 AM   #5
fuzzyworm
Member
 
Registered: Sep 2003
Location: Stroud, UK
Distribution: Kubuntu, Debian
Posts: 149

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by AdaHacker View Post
Take a look at Apache's suEXEC feature. It allows you to set up virtual hosts to execute CGI programs as different users, so you could have one account to run your administrative stuff and another for your users.
That looks like just what I'm looking for.

Thanks very much, and thanks to everyone else who posted.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Need help create a bash script to edit CSV File imkornhulio Programming 13 02-05-2009 10:23 AM
Shell script to edit a file kaash_m31 Linux - Newbie 2 06-02-2008 05:43 AM
Bash script to edit text file snowman81 Linux - Desktop 2 01-10-2007 03:33 PM
Help with a script to edit text file (awk? sed?) rickh Linux - Newbie 8 04-21-2005 08:24 PM
script edit file.. johnyy Linux - Software 4 01-22-2004 05:50 PM


All times are GMT -5. The time now is 11:07 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration