Re: standard safe permissions for php scripts in web directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Sounds like a weird question though :( what should be standard safe php
script/directory permissions under Apache.

This can vary in some cases. Generally speaking all scripts that ran by apache (using the php module) are using the rights of the user that apache is running as. So this user (that you may find who it is in your httpd.conf like for e.g. "User apache") has to be able to at least read you scripts. In addition to that if you need to upload files you will have to give this user the right to be able to write in the directories you plan to upload the files and read rights to the above directories in order to "see" where they are.

You shouldn't though give the right to this user to write in other directories beside the ones you upload files for security reasons. This is because if someone compromises apache we could in some cases do whatever apache does (meaning that we can write where apache does). Moreover if your project has a flaw and someone can use that flaw he can write were apache writes as well (or perhaps where your script can).

So IMHO it is good to carefully define the rights but test if your scripts run and make the proper changes as needed. This of course probably needs changes to ownership as well.

--
Thodoris


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux