I was wondering how it is possible that a php script can write in users home dir without allowing apache write access?
Webserver runs as apache (with php-fpm) and the home dir is /home/user2 and has permissions: user2:user2 with 750
example:
if i have a php script in
/home/user2/domains/mydomain/public_html/createfile.php
with owner user2:user2
and i have it create a file in: ../../../newfile.txt
and have the script executed through apache:
www.mydomain.tld/createfile.php
then it writes the new file without any problem in /home/user2/newfile.txt with owner user2:user2 and file mode 640
i would expect this would be denied since the directory mode is 750 and not owned by apache nor group apache and 'other' only has no rights.
i checked /etc/groups and no clues there either.
also, if it is created by php-fpm, which runs as root you'd expect the new file the be onwed by root, but thats not the case either.
then i figured perhaps gid bit is set on the directory but this is also not the case.
what am i missing here?
Webserver runs as apache (with php-fpm) and the home dir is /home/user2 and has permissions: user2:user2 with 750
example:
if i have a php script in
/home/user2/domains/mydomain/public_html/createfile.php
with owner user2:user2
and i have it create a file in: ../../../newfile.txt
and have the script executed through apache:
www.mydomain.tld/createfile.php
then it writes the new file without any problem in /home/user2/newfile.txt with owner user2:user2 and file mode 640
i would expect this would be denied since the directory mode is 750 and not owned by apache nor group apache and 'other' only has no rights.
i checked /etc/groups and no clues there either.
also, if it is created by php-fpm, which runs as root you'd expect the new file the be onwed by root, but thats not the case either.
then i figured perhaps gid bit is set on the directory but this is also not the case.
what am i missing here?
