PHP :: Request #16287 :: SUID for PHP scripts

Request #16287	SUID for PHP scripts
Submitted:	2002-03-26 08:59 UTC	Modified:	2002-03-26 12:12 UTC
From:	luci at conexim dot com dot au	Assigned:
Status:	Not a bug	Package:	Feature/Change Request
PHP Version:	4.1.2	OS:	RH7.2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	luci at conexim dot com dot au
New email:
PHP Version:		OS:

New Comment:

[2002-03-26 08:59 UTC] luci at conexim dot com dot au

There is a need for suexec/suid type functionality for PHP scripts - switch of ownership conext in a secure environment. Is this going to happen?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-03-26 09:01 UTC] derick@php.net

PHP already has functions to swap uids and guids, posix_* (see www.php.net/posix).

Derick

[2002-03-26 09:08 UTC] hholzgra@php.net

http://php.net/posix_setuid

[2002-03-26 09:12 UTC] luci at conexim dot com dot au

Those functions are very good, except they cannot be used in a hosting context where the users are not root...

There should be a mechanism like Apache has for .cgi's (per virtual host or location) or dynamically establishing the owner via the home directory lookup.

[2002-03-26 09:16 UTC] luci at conexim dot com dot au

ooops should've changed the status before...

[2002-03-26 09:52 UTC] alan_k@php.net

This is part of Apache &/or the web server responsiblity, doing it in PHP, would (apart from duplicate resources), be a bit security headache..

I believe it is a feature of Apache 2. 

If you are looking at cgi's, you could consider the php-cgiwrap that is available on the net somewhere.

Its not really (AFAIK) ever going to be a php feature.

[2002-03-26 11:06 UTC] daniel@php.net

There is no official solution for this. But you might want to read my posting:

http://news.php.net/article.php?group=php.dev&article=81135

although there are some people who believe in the greater security of mod_php as mod_php has no write access to the home directories of the user. 

feel free to contact me for further questions about php-cgiwrap by private mail.

[2002-03-26 12:12 UTC] rasmus@php.net

Apache 2.0's per-child mpm will have a solution for this eventually.  This can not be done at the PHP level effectively.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Jul 15 01:01:35 2025 UTC