[H-GEN] finding which user executes a script

Michael Anthon michael at anthon.net
Wed May 14 07:03:38 EDT 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

> Sorry if this is a dum question, but how do I find out what user is
> executing a php script, It's to do with my previous post about php and
file
> uploading, if I know what user is executing the php script (eg. apache or
> nobody) then I could add them to the group who owns the directory, and
just
> give that group write permissions?  I just don't know how to find out who
> the user is.

Try this....
belial:~# ps aux | grep apache
root       658  0.0  0.3 77000  720 ?        S    May06   0:00
/usr/sbin/apache
www-data   667  0.0  1.0 78828 1980 ?        S    May06   0:04
/usr/sbin/apache
<other output snipped, more of the same, one for each child process)

The first apache process is the master one that spawns all the others and
handles things like making sure there is enough child processes running and
other stuff[1].  This process always(maybe not?) runs as root.

The second and subsequent processes are the child threads that actually
handle the http requests. These are run as the user defined in the apache
config file (normally /etc/apache/httpd.conf on sensible systems, sometimes
/etc/httpd/httpd.conf or /etc/httpd/conf/httpd.conf).  Here is a snippet
from my config...

#########################################
#
# If you wish apache to run as a different user or group, you must run
# apacheas root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run apache as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#    suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group nobody on these systems!
#
User www-data
Group www-data

#########################################

So, you can either use ps as above to find the user or grep the http config
for ^User

There is another situation as well where this does not hold true.  If you
are using suexec within apache then that allows the script to run as the
owner of the script file under very strict circumstances.  Given that suexec
is a right bitch to get going and that you are asking the question you are
then I doubt this would be the case anyway

Cheers
Michael

[1] A euphemism for "I don't know what else, look it up in the doco if you
care"


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list