PHP files not needing to be executable

I’ve always used Linux for web hosting but have never really understood how permissions work with regards to PHP. PHP files just need read permission (not execute). When a user visits a web page and accessed a PHP file and it is executed can someone please explain how this process works — and why it doesn’t need to be executable?

My hosting company uses suPHP, by the way which I understand has a bearing on the above.


The PHP files themselves are not executed. Instead the PHP executable (or apache php module, or php-fpm in case of NGiNX, etc) is executed, which reads the php file(s), interprets them, and then runs the interpreted code. So the process running PHP only needs to be able to read the files, that’s enough.

Thanks, so when you access a PHP file through HTTP on a web server is it done through a user that has rights to execute the PHP engine instead of the actual file?

Exactly. Although in most situations PHP is constantly running and the webserver passes it requests it receives, returning the output to the visitor.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.