[SLUG] Ignorance alert: permissions

Paul Teasdale pdt at ryetek.co.uk
Tue Sep 11 15:00:30 BST 2007


>
> Our host said "if your php process user owns the file then your script
> is to blame. If it's another user that owns the file then someone else's
> account was compromised".
>
True. I guess that's a good way of checking.

>
> We're now really hardline on all the permissions we use - 701 and 704
> (like I said before, ftp and apache create files as the same user) - and
> every time we upload files via ftp we run a php script to remove excess
> baggage.
>
Unfortunately, for my hosting they are not; apache and ftp are different
users. This means the easiest way to get things working is to do as John did
and set weak permissions. Using the PHP FTP commands helped but it's far
from ideal (and thinking about it means that the files on my host could
potentially end up with two legit ids, one from apache/PHP and one from
FTP).

Regards,
Paul.
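
The ownership check quoted from the host, extended to the two-legitimate-owner case Paul mentions, as an added example that is not part of the original message. The function names, the uid values and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

def classify(uid, mode, php_uid, ftp_uid):
    """Return (origin, flags) for one file's owner uid and permission bits."""
    if uid == php_uid:
        origin = "php"       # created by a script running as the web server user
    elif uid == ftp_uid:
        origin = "ftp"       # uploaded through the account's own FTP login
    else:
        origin = "foreign"   # owned by some other account on the shared host
    flags = []
    if mode & stat.S_IWOTH:
        flags.append("world-writable")
    if mode & stat.S_IWGRP:
        flags.append("group-writable")
    return origin, flags

def triage(root, php_uid, ftp_uid):
    """Walk root without following symlinks; return {relative path: (origin, flags)}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about its target
            report[os.path.relpath(path, root)] = classify(
                st.st_uid, stat.S_IMODE(st.st_mode), php_uid, ftp_uid)
    return report

def demo():
    """Build a constructed two-file tree owned by the current user and triage it."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("index.php", 0o604), ("upload.php", 0o666)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("<?php ?>\n")
            os.chmod(path, mode)
        # Assumption: the current user stands in for the PHP user, me + 1 for FTP.
        return triage(root, php_uid=me, ftp_uid=me + 1)

if __name__ == "__main__":
    for rel, (origin, flags) in sorted(demo().items()):
        print(f"{origin:8} {','.join(flags) or '-':30} {rel}")
```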





