April 21st, 2006, 12:20 AM   #9
H
Without phpsuexec, PHP runs as nobody. With it, it runs as your username.

Under nobody, a PHP script can't move a file to a folder with permissions 0755. Under your username and the folder as your username, it can.

So under phpsuexec, it cares about what the first digit is, where it otherwise would depend on one of the other two. Because it's running as the owner, it uses the owner permissions.

It could be 0700 and still do whatever it wanted through the PHP script.

And even if you did lower the permissions, the script would be able to change them rather easily through the chmod() function.

There are obviously benefits to running as phpsuexec, but it also lowers security in different areas.
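Added example, not part of H's post: a small Python model of the POSIX permission-class rule the post describes, showing for a few directory modes whether a script could place files there when running as nobody versus as the account owner (the phpsuexec case), including the owner's ability to chmod first. The uid/gid values and function names are constructed for illustration, the directory is assumed to be owned by the hosting account, and root is not modelled.

```python
NOBODY_UID, NOBODY_GID = 99, 99      # constructed ids for the "nobody" account
OWNER_UID, OWNER_GID = 1000, 1000    # constructed ids for the hosting account


def permission_class(file_uid, file_gid, proc_uid, proc_gids):
    """Pick the single triad POSIX consults: owner, else group, else other."""
    if proc_uid == file_uid:
        return "owner"
    if file_gid in proc_gids:
        return "group"
    return "other"


def can_add_files(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Moving a file into a directory needs write and search (x) on it."""
    cls = permission_class(file_uid, file_gid, proc_uid, proc_gids)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    return bits & 0o3 == 0o3


def can_chmod(file_uid, proc_uid):
    """Only the owner (root aside, not modelled) may change the mode."""
    return proc_uid == file_uid


def script_can_write(mode, file_uid, file_gid, proc_uid, proc_gids):
    """True if a script can write now, or after its own chmod() call."""
    return (can_add_files(mode, file_uid, file_gid, proc_uid, proc_gids)
            or can_chmod(file_uid, proc_uid))


def audit(modes):
    """For each mode: (mode, writable as nobody, writable under phpsuexec)."""
    rows = []
    for mode in modes:
        as_nobody = script_can_write(mode, OWNER_UID, OWNER_GID,
                                     NOBODY_UID, {NOBODY_GID})
        as_owner = script_can_write(mode, OWNER_UID, OWNER_GID,
                                    OWNER_UID, {OWNER_GID})
        rows.append((oct(mode), as_nobody, as_owner))
    return rows


if __name__ == "__main__":
    for row in audit([0o755, 0o700, 0o500, 0o777]):
        print("mode %s  nobody=%s  phpsuexec=%s" % row)
```
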