How to create symbolic link within a PHP script?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi, it seems that I have the following issue when trying to create a
symbolic link within a script:

FROM COMMAND LINE:  The owner is set to myself.  Thus, it works.

FROM WEB PAGE:  It doesn't work as expected.

I know that it runs as one user at the command line and a different
user from the web page.  Thus, is it possible to do the following
within the script:

o  switch to the correct user
o  create the symbolic link
o  switch back web page user

BTW, I was using the following command:

exec ( "ln -s " . dirname( SITE_ROOT ) . "/common_directory/* " .
dirname( SITE_ROOT ) . "/new_directory" );

Thanks in advance,


Re: How to create symbolic link within a PHP script?

It's not possible.
The webserver runs at a specified user that problably is apace.
You cannot access to other user beacuse in ultimate instance is always
apache user that runs the command. If you could login or apache could
change user imagine what hackers would do to webservers. Rub scripts to
figure out the shell's users or even root acess...
If your problem is symbolic link why not use:


Re: How to create symbolic link within a PHP script?

sergiojm wrote:

Quoted text here. Click to load it

Ummm... Apache *can* change users. Google: mod_suexec.

Note: PHP scripts can be run via CGI.

Toby A Inkster BSc (Hons) ARCS
Contact Me  ~

Re: How to create symbolic link within a PHP script?

Conrad wrote:
Quoted text here. Click to load it

Hi, Conrad,

That depends.  If you're running on a shared server, then no, it probably won't  
be possible.  This will be restricted for security reasons.

If you're running your own server, then you can do it.  I wouldn't recommend  
doing it in Apache process though, just for security reasons.

What I've done in the past is to create an external script (outside webroot) which:

   1. 'su's to the desired user (preferably NOT root!) with posix_setuid()
   2. Performs the requested function
   3. Returns to the existing user

You will need the setuid bit turned on in the php.ini file.  However, I don't  
like to do this for the main executable.  So rather, I create another executable  
with a strange name (so it can't be guessed) and set it's setuid bit on.  Then I  
specify this "special" executable in the first line of the external script.

It's not great security - but it's some, anyway.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline