Limiting PHP's file access according to logged-in user's access permissions

I have a PHP web application (running on Apache/Linux) that, among other things, allows some browsing of local files on the web server. Since Apache is开发者_开发问答 running as a special "www" user, PHP has access to everything that "www" can access, whichever user is logged into the application.

What is the best way to limit the access to files according to the Unix filesystem privileges for the logged-in user? Ideally, I could spawn off a new process with user ID being the logged in user, but I'm not sure if that's possible. Alternatively, is there a standard PHP library somewhere that will do the permission checking and access the files?

I don't get what you mean because the user that access the files is the PHP users, not a generic user that request your page (you are not connecting to your server with SSH)

You may want to implement an ACL on top of your application to manage this rights.

And of course Zend has the solution: http://framework.zend.com/manual/en/zend.acl.html

You may take a look over http://httpd.apache.org/docs/2.0/suexec.html it should do what you need, without the need to keep a separate lsit of users and permissions in your aplications.

As far as i know, this extension is implemented on some(if not all) shared hosting services to control how resources are divided between users.

This will lead to scripts not getting executed by www-data(but by the system user), and PHP not running as a module(by CGI/fastCGI mechanisms).

This can be accomplished via a three-step process:

1. Create a rewrite rule (via .htaccess or the Apache config file) to redirect all requests for your "local files" to a PHP script.
2. Check the authentication status of the user in the script.
3. Use the script to load and output the file if the user is authenticated.