Hi,

Apache is running as 'apache' user in group 'www-data', started by root (ofcourse). (version 1.3.20)
Perl script is a distribution script copying files with scp. Keys are located in the home directory of apache user.
PHP configured without a php.ini (thus default apply). Apache and PHP were compiled from source.
I'm php developers since the early beginning, and now almost fulltime PHP programmer.

Now!
system("/usr/local/bin/distributer.pl $audioid $newfilename 2>>/tmp/distributor.log 1>&2 &");

This should distributed files to our fileservers. But rather than running as apache-user (where the ssh keys are) it runs as root!!! I never, in all these years, saw this! I'm pretty unsure if this is true or if this can be?
I would like to here it is a missconfiguration of mine..
The logs of my Perl script show:

      Starting distribution as user root

The fact that it runs as 'root' compromises my security stuff and the project will not work..

Just tell me i'm wrong and this can't be true.. Or is this the way things are done? ;p


Geert

PS: i'm submitting this in a hury and didn't search possible submittes. call it panic.