Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have the following problem: I want to grant different access rights
to different users on a page, identified by username/password. I want
to load the set of users/passwords from a database, from a file, or
whereever. This is more or less OK: outside users connecting via the
web can sent their username/password ($_POST variable), the script
checks it agains the users/passwords in the database, and grants
different access rights according to the username.
However, this is not safe against local users of the same machine:
since the php script of every local user runs under the same uid/gid,
every user can access the same database using a php script. One could
argue, that they can not figure out, how to access this database
(where it is located, if it requires a password, etc). But since my
php script must be readable by the www server (user=wwwrun), they can
read this script from a php script, which runs under the same uid.

I have found some articles about setting up different vhosts in
apache, and running these vhosts with different UID. But this needs
apache-configuration, as root. Is there a per-user way, which any user
can follow without the intervention of root, to set up a database,
which is only accessible by his php scripts?

Thank you

Re: permissions? (Daniel Barna) wrote in message
Quoted text here. Click to load it

If the users use only database resource, how about just use database's
built-in security system?

Quoted text here. Click to load it

don't forget vhost can't be set without restarting apache... Besides,
only root can change his own uid (unless you use nt), so that any
system-level methods can't work for you.

Re: permissions? (Aquila Deus) wrote in message
Quoted text here. Click to load it

I tried to play with mysql: set up a password for the database.
However, then I have to store this password somewhere: either in the
php script itself, or in a file, or whereever. But again, all other
users on the same machine can do the same: they can copy my script
file with the hardcoded password in it, or read the file containing
this password. I can't do these files (the script, or the one
containing the pw) unreadable by wwwrun, because then the php
interpreter itself could not read them. It means, that even if the
file permissions are set up in a way that other users can not directly
read it, they can write a php script, which will run under the user
wwwrun, and read these from their php script.

Another solution is to not store the password anywhere, but ask it
from my users via the _POST variable. But this is painful.

So the problem in general: whatever I do, all other users can also do,
since my and their php scripts run under the same uid.

Did I miss something? Are there better solutions?


Re: permissions? (Daniel Barna) wrote in message
Quoted text here. Click to load it

You can encode the password by md5 or other one-way hash function, so
that it would be safe even if somebody opens it. But the users would
not be able to restore password if they forget it (however you could
empty password and generate a new one for them).

Otherwise, as I wrote previously, use database's security system.
Databases such as MySQL have its own method to manage user
permissions. Instead of checking username/password in php, you could
create user accounts in mysql, then call mysql to check it.

Re: permissions?

Quoted text here. Click to load it

I am afraid I miss some basic knowledge. Up to now I used mysql from
php as follows:

$dbid = mysql_connect("hostname","username","password");

After this MySQL knows, what rights I have, and does not let me
access/modify/whatever those databases, to which I have no permission.
Is this what you meant by letting MySQL manage usernames and
But now username and password is hardcoded in my php script, which is
readable by wwwrun, so any other local users (on the machine) can also
read my script, so they will have the same rights as I have. Even if I
don't hardcode username and password in the php script, but store in a
file, say, this file must be readable by wwwrun, so again, any other
users of the machine, who have right to run php scripts, will be able
to read my file containing the username and password.

So what is the solution to grant acces to files/databases only from
those php scripts, which are OWNED by user1, and deny access for php
scripts OWNED by any other users?


Re: permissions? (Daniel Barna) wrote:

Quoted text here. Click to load it

Read this article:

DeeDee, don't press that button!  DeeDee!  NO!  Dee...

Site Timeline