I've recompiled PHP with php5_cgi=yes.
But with a simple shell script I can see the whole server's files.
Doesn't php5_cgi mean each file must have its owner and permissions right?
Log in as a general user via SSH and see where you can get with your permissions. Why do you think PHP makes any big difference? Of course you might want to use open_basedir (if you are not using 5.3.x), but it won't give a 100% guarantee.
I asked that because while I was using php_cli=yes that specific shell couldn't see other files outside of its home directory, but changing it to php5_cgi caused this issue.
Previously I guessed running php_cgi is more secure than cli; isn't that right?
Yes, PHP_CGI is more secure, in my opinion. Despite that, you should take care of the security of your server, and chmod/chown your directories and files additionally if needed.
Permissions are right, but the shell can access other users' files.
I guess something is wrong with my server and php_cgi is not really working. How can I be sure that PHP files are running with the related user's permissions and not as the apache or nobody users?
It shows that the file is running as the related user and not as apache or nobody.
Do you have any guess what's wrong, that a user can see others' files while using php_cgi?
PHP_CGI does not give you the protection, and it does not keep users from seeing others' files. Set strict permissions in SSH if you need to keep any file from others.
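An added example, not part of the thread: a small audit that makes the last reply's point concrete by listing which account directories and files the plain Unix mode bits leave open to "other" users, regardless of which user PHP runs as. The function names and the base directory argument are hypothetical; point it at wherever your user homes live.

```shell
#!/bin/sh
# Added example: audit Unix mode bits that let one account read another's
# files. Running PHP as the owning user (CGI mode) does not change these bits.

# list_exposed_homes BASE (hypothetical helper)
# Prints each directory directly under BASE whose mode gives "other" users
# read (r) or search (x) access, i.e. homes another account can list or enter.
list_exposed_homes() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        # -prune tests the directory itself without descending into it
        find "$d" -prune \( -perm -004 -o -perm -001 \) -print
    done
}

# list_world_readable DIR (hypothetical helper)
# Prints regular files under DIR that are readable by "other" users,
# e.g. a config file left at mode 644.
list_world_readable() {
    find "$1" -type f -perm -004 -print
}

# Optional stand-alone use: ./audit.sh /path/to/homes
if [ $# -gt 0 ]; then
    echo "Homes open to other users:"
    list_exposed_homes "$1"
    echo "Files readable by other users:"
    list_exposed_homes "$1" | while IFS= read -r home; do
        list_world_readable "$home"
    done
fi
```

Anything it prints is reachable by a script running under a different account; tightening with chmod/chown, as suggested above, is what removes the entry from the output.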