Quote:
Only if we speak about (in our case) PHP as Apache's module, which works with Apache privileges... And it is totally incorrect if
- PHP used as CGI (I hate this solution)
- PHP's cgi is suexec'ed
Well, that's exactly what we're speaking of right now. The problem is that some "professionals" offer solutions with:
- No suexec
- Safe mode off
- No open_basedir or any similar restriction
Quote:
- give group write access only to files-directories, which (can|have to) be changed by apache user
That's where the problem is... if there is no "jail", then giving group (and thus: apache) write access means you give any other customer write access: you're still f*$=d up.
Quote:
OK, enough for today... I spent more time than I can at this learning course for the thankless listeners
lol
It's just about the way you speak, man... "Lie or stupidity..." is not very educative. Maybe having said what you think would have prevented several people from having to waste time here: maybe Herko was wrong when he originally said that giving write access to apache meant xx7, but again: on bad configs, without the correct restrictions, whatever means you choose to enable apache to write (whether it's group or world or your sister in shorts) has the same result: it's deeply insecure.
skalpa.>
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)
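
An added example, not code from the thread or from any poster: a shell audit for the two conditions discussed above on a mod_php host, namely paths the web server can write to through group or world bits, and a vhost with no active `open_basedir`. The function names, the web server group you pass in and the config file layout are assumptions.

```shell
#!/bin/sh
# Added example: audit a shared-hosting docroot served by mod_php.

# Print every path under DOCROOT that the web server could modify:
# world-writable, or group-writable and owned by the web server's group.
# WEBGROUP is an assumption (a group name or numeric gid, e.g. the group
# Apache runs as on your system). Symlinks are skipped because their mode
# bits say nothing about the target.
apache_writable_paths() {
    docroot=$1
    webgroup=$2
    find "$docroot" ! -type l \
        \( -perm -0002 -o \( -group "$webgroup" -perm -0020 \) \) -print
}

# Succeed (exit 0) when CONF has no active open_basedir restriction, i.e.
# no uncommented "php_admin_value open_basedir <path>" line. A commented-out
# directive counts as missing.
lacks_open_basedir() {
    conf=$1
    ! grep -Eq \
        '^[[:space:]]*php_admin_value[[:space:]]+open_basedir[[:space:]]+[^[:space:]]' \
        "$conf"
}

# Usage: audit.sh DOCROOT WEBGROUP VHOST_CONF
if [ "$#" -eq 3 ]; then
    if lacks_open_basedir "$3"; then
        echo "WARNING: no open_basedir in $3; writable paths below are reachable from any site's PHP"
    fi
    apache_writable_paths "$1" "$2"
fi
```

Without suexec or a per-site `open_basedir`, every path this prints is writable by any other customer's scripts, whichever permission bit grants the access.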