  1. #1
    Raffles

    Struggling to understand permissions

    If I write a script that I want others to be able to put on their servers, what is the best recommendation for chmodding the directory it is in?

    The script needs to be able to create subdirectories, create and modify files, and delete them. This only needs to occur in the directory the script is sitting in. What I'm struggling to understand is who exactly would be doing this. The "apache" user, "www" or the actual human user who owns the server? I've read that the apache user is in the "everyone" group and so therefore I'm assuming the directory this script is in needs to have permissions set to 777. But then I've also read this is probably insecure.

    Why is this insecure? Who could possibly have permission to write/delete stuff apart from the server and the human owner of the server?

    Finally (the reason this is in the PHP forum), is the PHP engine a separate user? If so, does that mean the PHP user is the one creating/modifying/deleting files, or is this task passed to the apache user?

  2. #2
    Raju Gautam
    I had come to understand something from this article, hope it will help you too:
    http://docs.joomla.org/How_do_UNIX_f...ssions_work%3F

  3. #3
    Raffles
    Thanks Raju, that answers my question of "who is Apache?". Since Apache is under the "other" (or "everyone") group, if I want the script to create and delete files and directories, I suppose I'll have to set it to 757.

  4. #4
    ScallioXTX
    As far as I know, PHP is invoked by Apache and runs under the same user as Apache does, unless SuPHP is installed, in which case PHP will run under the username of the owner of the file it is processing (if the owner of index.php is raffles, it will run under username raffles).
    In the case of SuPHP you don't need 777 or 757, but 755 will do (assuming that the directory the file is in has the same owner as the file itself).

    As for security implications, HTTP has a DELETE command (like GET and POST) that allows files to be deleted using just HTTP. Though I'm not sure if DELETE is actually implemented / works in most modern web servers. I've never actually heard of any files being deleted using DELETE. Which doesn't mean it never happened.
    Rémon - Hosting Advisor
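
    An added example, not part of any post in this thread: a PHP check that a distributed script could ship with to report which user PHP actually runs as, which permission class (owner, group or other) that user falls into for the script's directory, and the narrowest mode that still lets it create and delete files there. It assumes a Unix host with PHP's POSIX extension enabled; `narrowestWritableMode` and `describeDirectory` are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes a Unix host with PHP's
// POSIX extension; the function names are hypothetical.

// Which permission class covers the PHP process for a directory, and the
// narrowest directory mode that lets that class create and delete entries.
function narrowestWritableMode(int $procUid, array $procGids, int $dirUid, int $dirGid): array
{
    if ($procUid === $dirUid) {          // e.g. suPHP running as the file owner
        return ['class' => 'owner', 'mode' => 0755, 'shift' => 6];
    }
    if (in_array($dirGid, $procGids, true)) { // web server user shares the group
        return ['class' => 'group', 'mode' => 0775, 'shift' => 3];
    }
    return ['class' => 'other', 'mode' => 0757, 'shift' => 0]; // world-writable
}

function describeDirectory(string $dir): string
{
    $uid  = posix_geteuid();
    $gids = array_unique(array_merge([posix_getegid()], posix_getgroups() ?: []));
    $user = posix_getpwuid($uid)['name'] ?? (string) $uid;

    clearstatcache(true, $dir);
    $need = narrowestWritableMode($uid, $gids, fileowner($dir), filegroup($dir));
    $have = fileperms($dir) & 0777;
    // Creating or deleting entries needs write (2) and search (1) on the directory.
    $canWrite = (($have >> $need['shift']) & 03) === 03;

    $lines = [
        sprintf('PHP runs as "%s" (uid %d): "%s" class for %s', $user, $uid, $need['class'], $dir),
        sprintf('Current mode %04o; narrowest mode that lets PHP write: %04o', $have, $need['mode']),
        $canWrite ? 'PHP can create and delete files here.' : 'PHP cannot create or delete files here.',
    ];
    if ($have & 0002) {
        $lines[] = 'World-writable: any other local account can also create or delete files here.';
    }
    return implode(PHP_EOL, $lines);
}

header('Content-Type: text/plain');
echo describeDirectory(__DIR__), PHP_EOL;
```

    Only the "other" case needs 757 or 777, and that is the case that also grants write access to every other account on the host; changing the directory's owner or group so that PHP falls into the owner or group class avoids it.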
