I’m writing this cURL script in PHP. It’s purpose is to take a product or category code given to it (which type of code it is is ambiguous at that point, sure, it’s possible for a category and a product to have the same code, but that’s what business rules are for and what this question is NOT about), and then attempt to load either a product or category page on our shopping cart with it. Whichever page returns a 200 response then gets its output cached into an html file in the DocumentRoot.
Problem is, the DocumentRoot isn’t owned by apache and I don’t feel comfortable giving global write permissions to the DocumentRoot, so while the script works for the most part, the page doesn’t get cached.
I do not have root or su access to the server and cannot get either. I tried writing the file to the /tmp/ directory and then moving it, but the permissions won’t let me. Is there a way around this without opening up a security hole? If not, would this be possible with a Perl CGI script or would I face the same problem?
If apache doesn’t have the rights do something, then there’s nothing you can do to bypass it short of putting in an suid program to force a permissions set, use suphp to do the same, or just grant the required permissions.
Another option is to grant Apache write permissions in a SUBdirectory off the documentroot, and then use some mod_rewrite magic to make requests for those cached files get transparently rewritten to use the subdir instead. that way you’ve got a writeable directory, but don’t have the issues of making the parent document root writeable.