[HCS-D]mod_php alternatives? (and tonight's work)
philz at hcs.harvard.edu
Mon Dec 6 09:15:23 EST 2004
There are hacky ways to run PHP as users. We use them. I set
them up... The short story is you copy a binary to your scripts
dir, add a few lines to .htaccess, and everything *.php gets run
by that program, which runs PHP for you. I can go into
more detail at a later time.
On Mon, Dec 06, 2004 at 01:40:29AM -0500, Nick Rozenblyum scribbled:
> > So -- who knows something about alternatives to mod_php?
> > What's the usual way to get php scripts run as their owners?
> So as far as I know, there is no way to get mod_php to execute scripts
> as their owners without having apache run as root (which in itself is a
> really bad idea). On the other hand, getting rid of php altogether does
> not seem like a good idea - even if you did that any sort of scipting
> system that you would have would also have similar vulnerabilities.
> A possible alternative (albeit, a *really* bad one) is to have everyone
> run the cgi version of php which would be set to run as the user. The
> problem is, I don't think the system allows scripts (as opposed to
> compiled programs) to run as the user.
> P.S. Why isn't there a reply-to header in the hcs-discuss emails?
> hcs-discuss mailing list
> hcs-discuss at lists.hcs.harvard.edu
(Note new e-mail)
Philip Zeyliger :|: zeyliger at post.harvard.edu :|: Dunster '04
fun. (A low cant word.) Sport; high merriment; frolicksome delight.
More information about the hcs-discuss