SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Wizard
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    2,120
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    What should my File Permissions be?

    OK!

    I have a part on my site where I use something like a clickthru.php script so that all clickthrus from my site to others get counted and put into a database plus it also hides the link to the external site.

    I am giving quite a few clickthru's to other sites, but I have just had an email from someone that seems to keep getting errors.

    When they click-thru from my site to another they get a forbidden error on the actually clickthru.php script page.

    Unfortunately they do not have permission to access this page on my server. But they should be able to access it as it is just like a normal page, they don't need to have authorization to access it.

    So I was wondering if changing the file permissions, would that work.

    At the moment the file permissions are set to: 644 on the clickthru.php page. This is: -rw-r--r--

    Do I need to change it to make them access it as I really need everybody to access every page on my site especially this one. If I don't then there is most likely to be more people like this one who are also having problems accessing it, which is then losing me money and visitors.

  2. #2
    SitePoint Addict jkassemi's Avatar
    Join Date
    Jan 2005
    Location
    Albuquerque
    Posts
    268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    add execute permissions for users. I usually set 755...

  3. #3
    SitePoint Wizard
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    2,120
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So changing the permissions to that will then allow every body to access the click.php script. What about security risks. Would there be a higher security risk.

    Also would I have to change the directory to that as well. Also why can people access every other page apart from that one. Is it because when the script is called it also writes to MySQL as it increases the number that the associated link is clicked by 1.

  4. #4
    SitePoint Addict jkassemi's Avatar
    Join Date
    Jan 2005
    Location
    Albuquerque
    Posts
    268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You will have to change the directory permissions if they are not allowing the user to read or access it's contents. If the directory isn't accessible, it's contents won't be either. You shouldn't have any security problems so long as nobody has access to these files except through your web server, which will send only the output whenever they are requested.

    744 should work for all of your html files and others that don't require execution. Because Your php needs to be executed, and not just read, it needs 755. This will be your experience with scripts.

    Hope this helps,

    James.

  5. #5
    SitePoint Wizard
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    2,120
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What about php files that are just pulling information from a mysql database and then just displaying it to the user.

    What permissions should these be. I have them all at 644 at the moment, which means I can write to them but the user can really only read them.

    Should I also change all of these files permissions as wells.

    People can see them just like normal webpages, but as some people could have access to the clickthru script then maybe they some of are also having a few problems with looking at a few of my normal pages that just pulls and displays information from a mysql database.

  6. #6
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Parry Sound, ON
    Posts
    725
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    First of all, PHP scripts do NOT need the execute bit set to work.

    Secondly, the HTTP forbidden error has absolutely nothing to do with file permissions.

    You're looking in the wrong place here. Let's see some code.

  7. #7
    SitePoint Addict jkassemi's Avatar
    Join Date
    Jan 2005
    Location
    Albuquerque
    Posts
    268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    HardCoded, this was the first thing I had to overcome when I started hosting myself... I've had it up for a while now. The first thing I read was to set php scripts to 755 and others at 744. I don't see how the forbidden error doesn't have something to do with file permissions! I think it's got just as much to do with them as htaccess configurations. If your server can't read the files or execute the scripts, it can't display them.

    Heck, what if you chmod -R 722 your htdocs directory? Nobody's going to be able to read those files, other than the owner, which isn't the nobody user apache runs under. The only other way to change that, from what I understand, is to set "nobody" as the owner of the directory and its contents. Anybody with ssh enabled will have a field day trying to protect their server if they do that...

    This isn't an attack, it's just that you're proposing something I haven't yet heard of, and I'm curious... Please give more information,

    James.

  8. #8
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Parry Sound, ON
    Posts
    725
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think you are remembering wrong. I have a whole server full of perfectly running PHP scripts that are all 644. What I do remember way back when was forgetting to 755 the home directory after adding a user and a new virtual host.

    And try an experiment. Try setting a test.php chmod 600 and then browse to it. You don't get forbidden. You get a PHP error in your logs, that says it couldn't open the stream.

  9. #9
    SitePoint Addict jkassemi's Avatar
    Join Date
    Jan 2005
    Location
    Albuquerque
    Posts
    268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, you're the better man. Let me get this straight...

    -Apache sends php signal to read file.
    -PHP reads file.
    -PHP sends results through apache, which sends to client?

    So all that's needed is the read permissions... I remember reading that I needed to change the permissions to 755... I'm trying to figure out why I'm remembering it not working until I changed the permissions to 755... oh well...

    Ah.
    "
    * For generic files such as html or images, etc you usually need to set 644 permissions. It is because "nobody" needs to read the file, and thus the file should be readable by others, hence 4 (read only) permissions for both group and others. For yourself you need a right to read and write (hence 6) to the file.
    * For scripts you need 755 rights. The script should be executable by "nobody". The script file should also be readable by "nobody", as the file is interpreted by an interpreter such as Perl and therefore must be readable. Thus it must combine read and execute permissions for "others", as "nobody" belongs to "others" group. For yourself you need to have also write access, getting 755 as a result. "
    -http://www.zzee.com/solutions/unix-permissions.shtml

    I was probably looking at something for bash scripts when I learned of it... But still, the above link is one of a few that I just found that say you should change permissions to 755 for web server scripts. I hate that such misleading information is so widely available, and I'm sorry for propogating false information.

    Take it easy,

    James.

  10. #10
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Parry Sound, ON
    Posts
    725
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's for CGI stuff.

  11. #11
    SitePoint Addict jkassemi's Avatar
    Join Date
    Jan 2005
    Location
    Albuquerque
    Posts
    268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah never used it... Again, the better man. I'll get you one of these days :'(

  12. #12
    SitePoint Wizard
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    2,120
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would like to add here.

    When trying to figure out my problem I also thought that it was to do with the file permissions which was causing the forbidden error. But now I realise that has nothing to do with it when I went to the permissions and messed around with them setting them to 0 just to see what would happen.

    All I could see was an empty page. I didn't see any 403 error.

    I have also used 644 permissions on most of my scirpts for quite a while and they all work just the click.php script and another script is giving me a few problems. But after the better man "HardCoded" looked into the situation, he found out that it is to do with a piece of software installed on the server and nothing to do with my scripts.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •