Creating web-based applications that integrate tightly with the underlying operating system is pretty easy to do. However, you must be vigilant to avoid the serious security issues that can arise due to unchecked user input. Fortunately, PHP’s native functionality makes it easy to vet user input in a way that greatly reduces the likelihood of stolen or damaged server data.
When PHP is installed as an Apache module, it runs as the system user that owns the Apache daemon process. This means that when PHP executes an operating system command, the Apache daemon owner carries out that command, and any permissions assigned to that user apply to it. Some improperly configured servers actually run Apache as the root user, meaning an errant PHP script could conceivably delete large parts of the operating system and any data stored within! Even in the more likely case of your server running as a non-root user, the security risks remain severe.
Clearly, you should avoid such gaffes at all costs. Thankfully, it’s easy to avoid these sorts of security problems using native PHP syntax. Jason Gilmore explains how in his PHPBuilder tutorial, “Mitigate the Security Risks of PHP System Command Execution.”
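As an added illustration of the kind of check the tutorial is about (this is example code written for this page, not Jason Gilmore's code), here is a hypothetical "ping a host" feature written first in the unchecked form and then with an allowlist check plus `escapeshellarg()`:

```php
<?php
// Added example (not from the tutorial): passing user-supplied input to a
// system command in PHP. The "ping a host" feature is hypothetical.

// Unchecked pattern: request data is interpolated straight into the command
// line, so any shell metacharacters in $host become part of the command,
// which runs with the Apache daemon owner's permissions.
function pingHostUnchecked(string $host): string
{
    return (string) shell_exec("ping -c 1 $host");
}

// Hardened pattern: validate against an allowlist first, then quote.
function pingHostChecked(string $host): string
{
    // 1. Allowlist: letters, digits, dots and hyphens only, and the value must
    //    not start with a hyphen, so ping cannot read it as an option. This is
    //    the primary control; escaping alone does not prevent that.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$/', $host)) {
        throw new InvalidArgumentException('Invalid hostname');
    }

    // 2. escapeshellarg() wraps the value in single quotes and escapes any
    //    embedded quotes, so the shell sees it as exactly one argument.
    $arg = escapeshellarg($host);

    // 3. Capture the exit status so failures are visible rather than silent.
    exec("ping -c 1 $arg 2>&1", $output, $status);
    if ($status !== 0) {
        throw new RuntimeException("ping exited with status $status");
    }
    return implode("\n", $output);
}

// Usage with a constructed input that works offline on most systems.
echo pingHostChecked('localhost'), "\n";
```

The allowlist does the real work: `escapeshellarg()` neutralises shell metacharacters, but it cannot stop a value such as an option-looking string from being interpreted by the invoked program itself, which is why the pattern rejects a leading hyphen.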