Security issues
Just got my first RAQ with Linux ( I had a dedicated Win2000 box before, but it got so expensive ). Thanks to you all for your help, just got .htaccess ErrorDocument to work by reading some of the prev. threads in the RAQ forum. Now, my question:
I would like to install a webbased file management tool for my virtual sites. I really like PhpMyExplorer
I installed it - and are accessing it through regular webbrowsing ( domain . com/PhpMyExplorer ) , and now my problem is: permissions. I ( or I guess more correct the account the Apache process runs under ) have no rights of uploading/changing/deleting files.
What are my options? As I can see it:
1. Set chmod to 777 on all the published directories. I don't feel very comfortable doing this - however since I am no Unix guru - what are the actual risks?
2. Modify the script so it: a) writes files to a temporary directory structure ( with chmod 777 ) and then have a cron job moving files from temp-dir to the real published directory... Feels like a lot of wasted CPU cycles there ?
3. ????????? Your ideas?
I am no Unix or Apache guru ( more of an Windows system programmer ) so is there a possibility to somehow get a certain PHP script to run under another account ( actually root is what is needed )?
Note: I would rather not use CGI, PHP is what I feel comfortable with. However, since spawning another process seems like a must, I guess if you have a CGI solution please tell me.
I have heard of something called CGIWrap or something like that, but as I said please let me know if there is another way around?
