PHP 4 security File Access Issue on AIX

Thread: PHP 4 security File Access Issue on AIX

Search this list only Search all lists
PHP 4 security File Access Issue on AIX
United States	2007-06-22 03:19:32
Hi. We are facing a problem with an old PHP application. The application browse the local server directory in order to show to the client browser file info and data. When we remove all the grants from "others", from any of the directoryes or the tree involved, or the files themself, the progam pop up with the error: ------ Warning: opendir(/appl/apt000/pt0/include/p/): failed to open dir: Permission denied in /appl/estion/AE/web/html/sources/filed/ gestioneOggetti.php on line 337 ------ The PHP script line involved is $hd=opendir($dir); with $dir="/appl/apt000/pt0/include/p/" This is the directory list where no "others" permissions are granted: [aspt000svuni330:/appl/apt000/pt0/include]#> ls -al p drwxrwx--- 2 aspt000 aspt000 4096 Apr 19 12:52 p If the directory gets backs the grants for "others" [aspt000svuni330:/appl/apt000/pt0/include]#> ls -al p drwxrwxrwx 2 aspt000 aspt000 4096 Apr 19 12:52 p evrything goes fine. The user runnig the web server is in the same group (aspt000) (but is not the owner) of any of the dirs/files involved. If we run a simple PHP script We are using - AIX 3.5 - PHP Version 4.3.8 - PHP API 20020918 - PHP Extension 20020429 - Zend Extension 20021010 - Thread Safety disabled - Apache/1.3.33 (Unix) mod_ssl/2.8.24 OpenSSL/0.9.8d PHP/4.3.8 - Apache Release 10333100 - Apache API Version 19990320 We want to tighten the security on the machine so we have to remove the "others" grants, but in other hand we don't want to face a PHP upgrade to a newer version. Any suggestions ? Thanks. --~--~---------~--~----~------------~-------~--~----~ This group is managed and maintained by the development staff at 360 PSG. An enterprise application development company utilizing open-source technologies for todays small-to-medium size businesses. For information or project assistance please visit : http://www.360psg.com You received this message because you are subscribed to the Google Groups "Professional PHP Developers" group. To post to this group, send email to Professional-PHPgooglegroups.com To unsubscribe from this group, send email to Professional-PHP-unsubscribegooglegroups.com For more options, visit this group at http: //groups.google.com/group/Professional-PHP -~----------~----~----~----~------~----~------~--~---

[1]

about | contact Other archives ( Real Estate discussion Medical topics )