Unix permissions assignments: owner, group, others
755 = owner:7, group:5, others:5
In octal, 7 is full permission for anything (file/directory): read +
write + execute.
An example: If some file (e.g. index.php) is assigned to
webservice:users (owner user "webservice", group "users") and has 755
permissions, it means that any action called from a process running as
"webservice" account can do anything over that file, members of group
"users" can only read & execute, and others can also read & execute.
For the same case in a directory (permissions 755), concrete consequence
is that the owner ("webservice") can CREATE files in it and give them
the desired permissions.
How can a web visitor make use of "webservice" account?
If your HTTP server software runs as "webservice", then any .php script
runs with same account permissions. If you have a .php script that
allows visitor to upload or create other PHP files, you have the door
open to a bad guy creates his own pages/scripts with server's filesystem
access (only restricted by open_basedir directive).
El 16/08/17 a les 18:43, Tedd Sperling ha escrit:
>
>> On Aug 16, 2017, at 12:10 PM, Adam Jon Richardson <adamjonr@xxxxxxxxx> wrote:
>>
>> 755 is typical for directories, but 644 for files.
>>
>> -snip-
>>
>> Adam
>
> Adam:
>
> If you set a file to 755, then how does bad guy do bad things with it?
>
> Certainly, with 755 the owner can do anything he wants (read, write, execute), but the “group” and “everyone else” can only read and execute (5) the file — there is no “write” to the file. Without a “write”, then how can a bad guy change/upload a file?
>
> There is something here I am not understanding. Please explain.
>
> Cheers,
>
> tedd
>
> _______________
> tedd sperling
> tedd@xxxxxxxxxxxx
>
>
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
