Minimalist permissions


Hi,

Please forgive me if this specific question has already been addressed, but I'm doing tests to figure out what are the minimal permissions I can give on my files and folders for a PHP application and I just can't find it (even by searching this list). Feel free to redirect me to existing documentation that I would have missed, if needed.

My config: Apache2 on RHEL, php-4.3.2-19. The server runs as apache.apache. I have a test server and a prod server. On the test server, one developer accesses the files directly in his home (userdir activated). On my production server, the application is located in a subfolder of the document root (/var/www/html/) and files are tarred on the test server, copied using sftp (to my user account), mv'ed into /var/www/html and then untarred. This server is not shared by external users, so it is usually only root that can put content in the DocRoot.

According to my tests, we need read permissions for php files to be processed by apache, and we need execute (and read) permissions on directories. For directories in which php uploads (images) or creates (pdf) files, it needs write permissions on the directory.

I'm curious about the reason why it needs execute permissions on directory. According to the documentation, 'x' on directories allows to 'search' a directory. Isn't 'r' enough? That allows php to read the directory listing... However, this is not my main concern...


So here it is: If the needed permissions for standard PHP files and directories are 'r' on files and 'r-x' on directories, how can I set my umask so that files and directories are always created as such? I looked up 'man umask' and it seems to treat files and directories the same way. Maybe that is impossible, but I logged in via FTP to a server of a web hosting company, and it implements just this: creates directories as rwxr-xr-x and files as rw-r--r--.


Another thing... how should I configure ownership on the files? root as owner, apache as group and no permissions for others?

Thanks for taking the time to read such a long post.

Regards,

Ugo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
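
Added example (not part of the original post): the umask question above, worked in shell. It relies on the fact that programs normally request mode 0666 for new files and 0777 for new directories, so one umask yields different results for each; `modes_under_umask` and the scratch names `index.php` and `uploads` are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# New regular files are requested with mode 0666 and new directories with
# mode 0777; the kernel then clears every bit that is set in the umask.
# That is why one umask gives rw-r--r-- files and rwxr-xr-x directories.
# On a directory, 'r' only lists names; 'x' is what allows looking up and
# opening the entries inside it, so a served tree needs r-x on directories.

# modes_under_umask UMASK
# Prints "<file mode> <directory mode>" in ls notation for objects
# created under the given umask. Runs in a subshell so the caller's
# umask is left untouched.
modes_under_umask() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1        # constructed scratch tree
        : > "$tmp/index.php"              # new regular file
        mkdir "$tmp/uploads"              # new directory
        f=$(ls -ld "$tmp/index.php" | cut -c1-10)
        d=$(ls -ld "$tmp/uploads" | cut -c1-10)
        rm -rf "$tmp"
        printf '%s %s\n' "$f" "$d"
    )
}

# 022: world-readable content, as seen on the hosting company's FTP server.
# 027: owner full, group read/traverse, nothing for others
#      (fits an owner=root, group=apache layout).
for mask in 022 027; do
    printf 'umask %s -> %s\n' "$mask" "$(modes_under_umask "$mask")"
done
```

The umask only shapes what gets created; files unpacked from a tar archive or moved with mv can carry their stored modes, so checking the deployed tree after untarring is still worthwhile.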

