[Typo3] changing user in phpShell

Jacob Floyd techgurufloyd at gmail.com
Thu Apr 7 00:47:47 CEST 2005


You can't switch users in PHPshell but you can use it to your
advantage. If you've got SSH access you can enable others to write to
your folders (chmod o+rwx <name of folder or file>). Though this would
be very unsecure as *anyone* could write to your folder. However, I
found this extremely useful and used a PHPterminal, similar to
PHPshell, to install Typo3. I'm working on a shard host and didn't
want to bother having to submit a trouble ticket and have them chown
:<group> my typo3 stuff, so I enabled write access to everybody, used
the PHPterminal to install the parts of typo3 that needed to be
writeable by nobody, and used my regular account to do the rest. I of
course disabled write access after I was through to all but the typo3
folders (chmod o-w <name of folder or file>). A great way to DIY (no
pun intended). So you can't do everything from PHPshell, but it does
have very useful purposes in the 'nobody' user. :D

Cheers.
Jacob

On Apr 6, 2005 3:52 PM, Christopher <tombedlam at yahoo.com> wrote:
> --- Christoph Koehler <christoph.koehler at gmail.com > wrote:
> > On Wed, 06 Apr 2005 15:56:03 -0500, Michael Stucki <michael at typo3.org >
> > wrote:
> >
> > > Christoph Koehler wrote:
> > >
> > >> I installed phpShell on my webserver to use TYPO3 symlinks, since my
> > >> space
> > >> is very limited. However, I am logged in as nobody and cannot write to
> >
> > >> my
> > >> ftp account. Does anyone know how to change users so that I can login
> >
> > >> with
> > >> my username and pw?
> > >
> > > *smile*
> >
> > Which means....?
> 
> Which means, I think, that you need to review users, groups and permissions
> on Apache. Phpshell is (I guess) a php application; in most cases, php will
> be running as the Apache user 'nobody', and so your application will have
> the access levels appropriate to that user. If you're using shared hosting,
> all other scripts on the same server will run with the same permissions.
> You can probably see why it's useful (in terms of security) not to allow
> the 'nobody' user to write to users' accounts by default.
> 
> You can probably enable 'nobody' to write to your www or public_html
> directory by using the chmod command to set the directory permissions to
> '777', but be sure to change them back to 755 - or whatever they were
> before - when you've finished.
> 
> -Christopher
> 
> 
> __________________________________
> Yahoo! Messenger
> Show us what our next emoticon should look like. Join the fun.
> http://www.advision.webevents.yahoo.com/emoticontest 
> _______________________________________________
> Typo3-english mailing list
> Typo3-english at lists.netfielders.de 
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english 
>



More information about the TYPO3-english mailing list