Jason Morehouse wrote:
Hello. I'm not sure if this is an apache problem or php... but wondering if anyone has come across the same problem.
-rw------- 1 root root test.html -rw------- 1 root root test.php
Trying to access test.html via a browser servers up the apache 403 error page. The test.php however produces:
Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0 Warning: Unknown: Failed opening '/www/test.php' for inclusion (include_path='.:/www/php') in Unknown on line 0
Any ideas?
Apache (and the PHP Module within it) run as a specific user.
That user is not (and SHOULD NOT be) 'root'
You need to figure out what user Apache runs as.
It's set in httpd.conf by the 'User' directive.
Because Apache/PHP does not run as 'root', Apache/PHP do not have permission to *READ* the file.
If they can't *READ* the file, they can't deliver it to the surfer.
You need to change the permissions on the file to be *READABLE* by the 'User' of Apache/PHP.
Example chmod 644 test.html chmod 644 test.php
However, it would probably be even *better* to chown the files to some less-powerful user than 'root'
chown _SOME_USER_ test.html chown _SOME_USER_ test.php
You'll *still* need them to be read-able by Apache/PHP -- But in the unlikely event that somebody Evil manages to gain write-access to the files, at least they won't be root-owned, which would be even *worse* than just a normal user's files getting hacked.
You really need to read a tutorial on Unix file permsissions, and you have *GOT* to stop making HTML and PHP files as 'root' user!
I don't need a lesson in file permissions, thanks. Apache runs as nobody. The problem isn't trying to get apache to display test.php, it's having it display the proper 403 error page, rather than a php error when it doesn't have access to a page.
Each page, test.html and test.php have the same permissions. The html page gives the expected 403 error message when I try and access it (thats what I want). The other, php script doesn't. This is a security concern for me as it reveals paths on my system in the event a page has the wrong permissions. Why does apache not server the 403 on the php page? Maybe this is better off in the apache list.
-- Jason Morehouse Vendorama - Create your own online store http://www.vendorama.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php