Restricting access to the PHP file in accordance with the permissions of the user

Question

Restricting access to the PHP file in accordance with the permissions of the user

I have a PHP web application (running on Apache / Linux) that, among other things, allows you to view some local files on a web server. Because Apache works as a special user, www, PHP has access to everything that www can get, depending on which user is registered in the application.

What is the best way to restrict access to files according to the privileges of a Unix file system for a registered user? Ideally, I could create a new process with the user ID being the registered user, but I'm not sure if this is possible. In addition, is there somewhere a standard PHP library that will perform access control and file access checks?

+3

security filesystems php web-applications

Stan Jun 2 '11 at 13:39

source share

3 answers

, , , , - PHP, , ( SSH).

, ACL .

, , Zend : http://framework.zend.com/manual/en/zend.acl.html

+2

dynamic 02 . '11 13:43

:

( .htaccess Apache), " " PHP script.
Check user authentication status in script.
Use a script to download and output the file if the user is authenticated.

0

George Cummins Jun 2 '11 at 13:42

source share

Quamis · Accepted Answer · 2011-06-02T14:47:05+0000

You can take a look at http://httpd.apache.org/docs/2.0/suexec.html , it should do what you need without having to maintain separate lsit users and permissions in your applications.

, ( ) .

, www- ( ), PHP ( CGI/fastCGI).

Restricting access to the PHP file in accordance with the permissions of the user

More articles: