webserver security challenge

The challenge is how to secure PHP files on a webserver. This will require some serious Linux Administrator skills and also some C and/or PHP.

## Deliverables

To simplify this project requirements, we will work with only two files, which will be located in /home/User/public_html:

[url removed, login to view]

[url removed, login to view]

The file [url removed, login to view] will be owned by 'root', chmod 600 (-rw-------).

The file [url removed, login to view] will be owned by User, chmod 644 (-rw-r--r--).

The User will have FTP access to the server using the User ID.

Apache will be configured to run with the ID 'Apache'.

**The contents of file [url removed, login to view] will be:

**<?php

$value = 3 * 7; // secret formula!

?>

**The contents of file [url removed, login to view] will be:

**<?php

include '[url removed, login to view]';

echo $value;

?>

**YOUR CHALLENGE IS AS FOLLOWS:**

Configure the server in such way, that the script "[url removed, login to view]" will work as expected (http://localhost/~User will display the value "21"), AND the User will be allowed to modify [url removed, login to view] via FTP, AND the User will not be able to obtain the contents of "[url removed, login to view]" (which has the secret formula).

You are allowed to use "any means necessary" to accomplish this: Unix permissions, encryption, PHP interpreter modification, Linux kernel modification, additional programs/layers, etc.

* * *This broadcast message was sent to all bidders on Monday Jul 14, 2008 8:10:55 PM:

hi All, Thanks for your interest in this project, but I have finally found out, it is very easy to do by simply using Unix permissions in combination with PHP safe_mode and disable_functions. This last part is critical to prevent access as the Apache user. None of the bidders were aware of this capability.

C Programming PHP

Project ID: #3046222

About the project