Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Pjotr Wedersteers
August 3, 2004, 11:35 pm
rate this thread
I have in my wwwroot folder (/srv/www/htdocs) a folder called counters.
I have embedded a page counter script into several of the webpages I
ls -lias for htdocs, and below the one for htodocs/counters
5197 1 drwxr-xr-x 8 pjotr root 480 Aug 1 09:36
131618 2 drwxrwxrwx 2 pjotr users 1592 Aug 3 17:23
If I run the counter.php script from a browser (embedded) the counter txt
file is owned by the web server process:
131651 4 -rw-r--r-- 1 wwwrun www 2 Aug 3 13:41
If I removed the rxw rights for other on counters, the script fails. So far
I get it, since wwwrun is not in group users.
But then i though, why not change ownership of counters to wwwrun, group to
www and remove rxw for all others.
So I gett
131618 2 drwxrwxrwx 2 wwwrun www 1592 Aug 3 17:23
But even before removing rwx for others I get the following error when
running the counter script:
Warning: fopen(): SAFE MODE Restriction in effect. The script whose uid is
500 is not allowed to access /srv/www/htdocs/counters owned by uid 30 in
/srv/www/htdocs/counter.php on line 26
Tempting as it is to disable SAFE MODE I know that is probably not good
practice. What am I missing here ? I just don't get this.
Peraps my entire security setup is not good for this server. Do I have to
change ownership of the higher directories as well ?
I am not too happy about a directory writable and executable to all the
world. I can hardly imagine that is safe practice.
So any help appreciated.