[HCS-D]mod_php alternatives? (and tonight's work)

Philip Zeyliger philz at hcs.harvard.edu
Mon Dec 6 09:15:23 EST 2004


There are hacky ways to run PHP as users.  We use them.  I set
them up...  The short story is you copy a binary to your scripts
dir, add a few lines to .htaccess, and everything *.php gets run
by that program, which runs PHP for you.  I can go into
more detail at a later time.

		-- Phil



On Mon, Dec 06, 2004 at 01:40:29AM -0500, Nick Rozenblyum scribbled:
> 
> > So -- who knows something about alternatives to mod_php?
> > What's the usual way to get php scripts run as their owners?
> > 
> 
> So as far as I know, there is no way to get mod_php to execute scripts
> as their owners without having apache run as root (which in itself is a
> really bad idea). On the other hand, getting rid of php altogether does
> not seem like a good idea - even if you did that any sort of scipting
> system that you would have would also have similar vulnerabilities.
> 
> A possible alternative (albeit, a *really* bad one) is to have everyone
> run the cgi version of php which would be set to run as the user.  The
> problem is, I don't think the system allows scripts (as opposed to
> compiled programs) to run as the user.
> 
> 	Nick
> 
> 
> P.S. Why isn't there a reply-to header in the hcs-discuss emails?
> 
> _______________________________________________
> hcs-discuss mailing list
> hcs-discuss at lists.hcs.harvard.edu
> http://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss

-- 
                              (Note new e-mail)
      Philip Zeyliger :|: zeyliger at post.harvard.edu :|: Dunster '04

fun.  (A low cant word.)  Sport; high merriment; frolicksome delight.
							    (Johnson)


More information about the hcs-discuss mailing list