Date:  Fri, 1 Aug 2008 16:10:52 +0200
From:  "thomas" <tfj-online (at mark) mail.tele.dk>
Subject:  [coba-e:13679] Re: apache suexec
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <5d3f01c8f3e0$68275090$967da8c0@thomasferrari>
References:  <0b9201c8f2e4$d3d005f0$967da8c0 (at mark) thomasferrari> <722224.90970.qm (at mark) web65612.mail.ac4.yahoo.com> <00a001c8f308$13d5b640$3b8122c0$ (at mark) com> <48923324.8090704 (at mark) dogsbody.org> <001a01c8f36d$8718bf70$954a3e50$ (at mark) com> <109e01c8f3a2$65694b30$967da8c0 (at mark) thomasferrari> <015f01c8f3d8$a90742d0$fb15c870$ (at mark) com>
X-Mail-Count: 13679

From: "Stephanie Sullivan"

>
> Thomas - I tried my test on another server. I created a directory in the 
> web
> root (/web/x) in a valid site with a valid admin user. I protected the
> directory a+w so apache could write to it without restriction.
>
> I then ran the following php script in the directory via a http access. It
> came from an example on the php.net site:
>
> [alb (at mark) zzzzz x]# more x.php
> <?php
> $fp = fopen('data.txt', 'w');
> fwrite($fp, '1');
> fwrite($fp, '23');
> fclose($fp);
>
> ?>
>
> The script was the only file in the directory before running it. After I
> have the file data.txt as is below:
>
> [alb@zzzzz x]# ls -l
> total 8
> - -rw-r--r--  1 apache site1  3 Aug  1 08:56 data.txt
> - -rw-r--r--  1 alb    site1 89 Aug  1 08:56 x.php
>
> I don't know why it does not seem to work for you in this instance.
>
> Stephanie
>

yes I have now tried it with chmod a+w x/
drwxrwsrwx  2 root   site1  4096 Aug  1 15:33 x

how secure is this setup ???

drwxrwsr-x  7 nobody site1 4096 Aug  1 15:32 ..
-rw-r--r--  1 apache site1    3 Aug  1 15:33 data.txt
-rw-r--r--  1 thomas site1   90 Aug  1 15:33 x.php

if you make php create a folder inside x, lige y and then write data to a 
file x/y/data.txt, I'am pretty sure you will se the same ownership
apache:4294967295