Hello, On an Apache/Linux shared server: Suppose there are two accounts for two users, user1 and user2. user1 has one site hosted at this path: /home/user1/domain1.com/ user2 has one site hosted at this path: /home/user2/domain2.com/ Now, the PHP is running on the server under the "owner" user and so PHP can read from/write to any directory with permission code 755. The question now is: If user1 has the following PHP script in his account: /home/user1/domain1.com/bad.php Can he use that PHP script to write (create/overwrite/delete) to the following directory (755): /home/user2/domain2.com/ Note that the user who will be writing (create/overwrite/delete) to the user2's directory is PHP which has "owner" permissions on that server!
Hi, If apache and php are running as root on the server (assume you mean root by "owner") then yes the script would be running as root and therefore can do anything to those files. You should look into running suPHP.