Issue
If a PHP script on the server can't create a directory, is this usually because PHP is running as apache/nobody? So can you say from this that the server is misconfigured? (or just using the standard configuration)
For security purposes it would be better if php was running as the user, and if it was, would this problem (requiring 777) still occur? I don't think so but I thought I'd ask...
Solution
So can you say from this that the server is misconfigured?
No. That's how it's supposed to be. php scripts executed by apache run as user www-data
(on Ubuntu). www-data
has practically no writing rights on the entire server. And that's how it's supposed to be. If you write an even slightly insecure php script (e.g. susceptible to code injection) and it's being run as root, a malicious visitor could wipe out your entire hard drive.
For security purposes it would be better if php was running as the user?
Who do you mean by the user? If it's root, see above. If it's a user with root privileges, see above.
Would this problem (requiring 777) still occur?
The problem is that you're using code that needs full reading, writing and executing permission on a foreign directory.
If it's a directory that will only be used by your script, www-data
should own it. Problem solved.
If you're using a php script that has to have access to sensitive system areas, you may want to rethink the way of doing this. Many tasks that a php script is supposed to execute could be scheduled by the script and later executed by a cron job.
Last but not least, if you you absolutely have to, you can run php as any user you want. Just install the module mpm_itk_module
and add
AssignUserId user group
inside the <VirtualHost>
tag.
But be aware that - as I said before - with a bad script and the wrong privileges, Very Bad Things (TM) could happen.
Answered By - Dennis Answer Checked By - Dawn Plyler (WPSolving Volunteer)