Jump to content

Two Questions


Recommended Posts

1. Are global variables unavailable to only custom functions or PHP's built-in functions too?2. When the Apache software on my hosting provider's server reads my files to serve them is it doing so as "other"?I'm confused about Apache in relation to file permissions. I am the "user" of my files, there's also "group" permissions to be set and then there are "other" permissions too. Is Apache "other"?File permissions reference:http://en.wikipedia.org/wiki/File_system_permissionsThank you for your time.

Link to post
Share on other sites

Global variables are available to any function that wants to declare the variable as the global version. I doubt any built-in functions are going to use global variables other than the superglobal arrays.I'm not sure which user Apache is running under, it's probably not root (its also not your FTP account). If you want to test that, you can create a script to have PHP create a new text file, then use these functions to get information about the owner of that file:http://www.php.net/manual/en/function.fileowner.phphttp://www.php.net/manual/en/function.posix-getpwuid.php

Edited by justsomeguy
Link to post
Share on other sites

Each application runs as a user. The permissions you specify on a file apply for that user account, which can be used by one or many applications. Depending on how exactly PHP runs, it may run with the Apache user (if it's an Apache module), or as it's own, potentially different user (if it runs as CGI).To find the user PHP is running under, use

$_SERVER['USERNAME']

if available, or if not... do what justsomeguy said.The user under which Apache runs should be none of your concern, unless you want to serve (or execute) files that are outside of your public facing directory.

Link to post
Share on other sites

$_SERVER['USERNAME'] was unavailable, fileowner() returned the user id as a INT but POSIX functions are unavailable to me. I couldn't get the user info with posix_getpwuid().I'm dealing with file permissions now because I'm trying to secure my scripts in a shared hosting environment. I'm not able to put sensitive data above my document root. Right now they are in a directory in the root with a .htaccess file declaring "deny from all".

Link to post
Share on other sites

Just now through my FTP I noticed that default files that came preloaded in my document root (404 error page) have the same owner id INT as files PHP created and files I created. All the same owner.

Link to post
Share on other sites
$_SERVER['USERNAME'] was unavailable, fileowner() returned the user id as a INT but POSIX functions are unavailable to me. I couldn't get the user info with posix_getpwuid().I'm dealing with file permissions now because I'm trying to secure my scripts in a shared hosting environment. I'm not able to put sensitive data above my document root. Right now they are in a directory in the root with a .htaccess file declaring "deny from all".
You are protected then... if you can't put anything anywhere above your document root, you can be sure that anyone using the server can't do so either i.e. that they can only put files in their respective document roots. "deny from all" affects HTTP requests to those files, not filesystem ones (e.g. from PHP). Yet it seems the server permissions are set up so that each user can write only in their respective directories.If in doubt, select a user from this same server, and try to write something in their folder... or better yet - ask your host if they've set up their file permissions properly, so that only your PHP scripts have access to your files.
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...