dan sawyer

Reputation: 193

How to run PHP as individual users, specifically including file access permissions

The application produces data by user. Each user has a unique user id and associated unique file permissions. User files are stored in individual directories with associated user permissions on each directory.

The requirements are to provide secure individual user access to only user's files via a portal, assume PHP. A design being considered is to mimic the directory structure and permissions in the portal environment. If it were possible to run PHP as a user then the system permission access security could be used. (this would limit the scope of security implementation to the login process and not to the application.)

Question: Is it possible to run PHP as a user and assume user file permissions?

Research has identified some similar questions, but not the direct question of running PHP as an individual user.

Upvotes: 0

Views: 490

Answers (1)

Sammitch

Reputation: 32272

There are a handful of solutions, from best to worst:

  1. Use something like FPM to configure separate process pools configured to run as each user.
    • Only best if you have a small, fixed number of users, becomes a config/admin nightmare otherwise.
    • Basically shared hosting.
  2. Stop relying on OS-level users and permissions enforcement altogether and build it into your app.
  3. Create your own permissions enforcement abstraction layer in PHP.
    • Basically #2, but without the first part, which actually makes it more complicated.
  4. Use posix_seteuid() and posix_setegid() to change the effective UID and GID of the running process.

"But wait!" I hear you say, "That last option seems like exactly what I need! Why is it the worst?"

Because in order to change the UID or GID of a process that process must first be running as a user that is permitted to do such a thing. That user is root.

Running PHP as root, even briefly in order to drop to a different UID/GID, is a massive security hole. Even the most minor bug or flaw is now game over, and this is exponentially more true if you're writing a file manager.

"That's fine," you retort, "this is only for internal use with trusted users, so I'm not worried about security."

NO. BAD. [bops you with a rolled-up newspaper]

Never. Trust. Users.

At best they will never intentionally break or compromise your app, but:

  1. This view is naive at best.
  2. The universe is constantly manufacturing new and innovative forms of idiot.
  3. Smart, well-meaning idiots like to find "workarounds" so that they don't have to bother you.
  4. Compromised client machines are a threat.
  5. Assuming that your internal network is not compromised nor ever will be is a mistake. [see #4]
  6. Security auditors will crucify you.

and the list goes on.

TL;DR: Unless you're setting up per-user vhosts/sites/apps, store the files outside of the docroot and use Option #2 to gate access via PHP. If anyone catches you running PHP as root you're going to have a bad time.

Upvotes: 2
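The following is an added example of the answer's recommended Option #2 (it is not code from the question or the answer): PHP keeps running as the ordinary web-server user, user files live outside the docroot in one directory per application user, and a single download endpoint decides in PHP which file the logged-in user may read. It assumes PHP 8 (for `str_starts_with`/`str_contains`), that your login code has already stored the authenticated user id in `$_SESSION['user_id']`, and a constructed storage layout of `/srv/app-data/users/<user_id>/`; all of those are assumptions, not something the original page specifies.

```php
<?php
// Added example, not from the original answer: Option #2, permissions enforced in PHP.
// PHP runs as the normal web-server user (no root, no posix_seteuid()).
// Assumptions: $_SESSION['user_id'] is set by your own login code, and files are
// stored at /srv/app-data/users/<user_id>/ (constructed path; adjust to your layout).

declare(strict_types=1);

const STORAGE_ROOT = '/srv/app-data/users';   // must be OUTSIDE the web root

/**
 * Resolve a user-supplied relative path to an absolute path inside that user's
 * own directory. Returns null for anything that must not be served.
 */
function resolveUserFile(int $userId, string $requested): ?string
{
    $userDir = realpath(STORAGE_ROOT . '/' . $userId);
    if ($userDir === false) {
        return null;                               // user has no directory yet
    }

    // Only plain relative paths are accepted: no empty names, NUL bytes or absolute paths.
    if ($requested === '' || str_contains($requested, "\0") || $requested[0] === '/') {
        return null;
    }

    // realpath() collapses "..", "." and symlinks, so the containment check below
    // is done on the real location of the file, not on the string the client sent.
    $target = realpath($userDir . '/' . $requested);
    if ($target === false || !is_file($target)) {
        return null;                               // missing, or not a regular file
    }

    // The resolved file must still be inside this user's directory. The trailing
    // separator stops ".../users/12" from matching ".../users/123".
    if (!str_starts_with($target, $userDir . DIRECTORY_SEPARATOR)) {
        return null;
    }

    return $target;
}

/** HTTP entry point: authenticate via the session, then gate the file in PHP. */
function serveUserFile(): void
{
    session_start();
    if (!isset($_SESSION['user_id'])) {
        http_response_code(401);
        exit('login required');
    }

    $path = resolveUserFile((int) $_SESSION['user_id'], (string) ($_GET['file'] ?? ''));
    if ($path === null) {
        // Same response for "does not exist" and "belongs to someone else", so the
        // endpoint does not reveal which names exist in other users' directories.
        http_response_code(404);
        exit('not found');
    }

    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

serveUserFile();
```

With this layout the OS-level owner of every file under the storage root is simply the web-server account (the only account that needs to read them), and the per-user boundary is the one thing the endpoint checks: session identity plus the `realpath()` containment test. That is the answer's point about moving enforcement out of the OS and into the app; the login process still has to be solid, but nothing in the request path ever needs elevated privileges.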
