Apache running as nobody, but whoami shows “root” or my user name
https://stackoverflow.com/questions/12498252
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFrage
the problem is that I used ps aux | grep apache which says the apache is running as nobody.
But then I used exec("whoami"), it gives a different result: root or gt. It depends on the owner of the script. If the script is owned by root, whoami is root; if owned by gt, then whoami is gt.
I also checked httpd.conf, the apache user is nobody, group is nobody.
So could anybody explain this thing?
Thank you!
Lösung
you are using either cgi or fast-cgi ,
to be "nobody" you need to use mod_php (php as an apache module)
http://php.net/manual/en/security.apache.php
When PHP is used as an Apache module it inherits Apache's user permissions (typically those of the "nobody" user).
http://www.php.net/manual/en/security.cgi-bin.attacks.php
Using PHP as a CGI binary is an option for setups that for some reason do not wish to integrate PHP as a module into server software (like Apache), or will use PHP with different kinds of CGI wrappers to create safe chroot and setuid environments for scripts.
And there is also SuPHP https://serverfault.com/questions/7589/how-do-you-run-a-php-script-as-the-owner
