Running PHP scripts as the owner of the PHP file: security issues

Posted by thomasrutter on Server Fault
Published on 2010-05-10T06:56:59Z

I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each user's scripts from reading/writing by other users.

However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to users' files (unless the user changed the file permissions for some reason). Now, the web user can also write to users' files.

So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website.

How can I deal with this?

One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.
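
The trade-off described in the question can be measured on a real document root. The following is an added example, not part of the original post: it lists what a process could modify when it runs as the file owner (the suexec case) versus as a separate account. The function names are hypothetical, and the check covers only classic mode bits (no ACLs, read-only mounts or immutable flags).

```python
import os
import stat


def can_modify(st, uid, gids):
    """Would a process with this uid/gids be able to change the entry?"""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        # The owner can always chmod its own file, so a read-only
        # mode (e.g. 0444) is no barrier to a script running as owner.
        return True
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_paths(docroot, uid, gids=frozenset()):
    """Sorted paths (relative to docroot) that uid could modify."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            if can_modify(st, uid, gids):
                hits.append(os.path.relpath(full, docroot))
    return sorted(hits)


def compare_exposure(docroot, owner_uid, separate_uid, separate_gids=frozenset()):
    """Contrast scripts running as the file owner with a separate script account."""
    return {
        "as_owner": writable_paths(docroot, owner_uid),
        "as_separate_user": writable_paths(docroot, separate_uid, separate_gids),
    }
```

Anything left in the `as_separate_user` list is writable only because of group or world write bits, which is the set a two-account layout would still have to grant deliberately (upload or cache directories, for instance).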
