[HCS-D]mod_php alternatives? (and tonight's work)

Nick Rozenblyum rozenbly at fas.harvard.edu
Mon Dec 6 01:40:29 EST 2004


> So -- who knows something about alternatives to mod_php?
> What's the usual way to get php scripts run as their owners?
> 

So as far as I know, there is no way to get mod_php to execute scripts
as their owners without having apache run as root (which in itself is a
really bad idea). On the other hand, getting rid of php altogether does
not seem like a good idea - even if you did that any sort of scipting
system that you would have would also have similar vulnerabilities.

A possible alternative (albeit, a *really* bad one) is to have everyone
run the cgi version of php which would be set to run as the user.  The
problem is, I don't think the system allows scripts (as opposed to
compiled programs) to run as the user.

	Nick


P.S. Why isn't there a reply-to header in the hcs-discuss emails?



More information about the hcs-discuss mailing list