PHP as an Apache Module

⌘K

When PHP runs as an Apache module, PHP files work under the Apache user/group known as “nobody”. For example, when a PHP file needs to write to another file or create/remove a file, it does so under the name “nobody”. In order to allow “nobody” to do this, you need to set specific permissions on the file/directory, such as 777 – which translates to read/write/execute by user/group/world. This is insecure because you have not only allowed the webserver (Apache) to read/write to the file, you have also allowed everyone else on the server to read/write to the file as well!

Due to the above conditions, when a PHP file creates or uploads a new file under your account, the new file will be owned by the user “nobody”. If you FTP into your account, all files owned by “nobody” will not be available for you to move, rename or delete. In this case the only way to remove the “nobody” owned files would be through a file on the server or to contact support and ask for the file ownership to be changed back to your username.