Setting file permissions and groups

Discuss server installationa nd configuration issues here

Moderators: macek, egami, gesf

Post Reply
theserve
New php-forum User
New php-forum User
Posts: 27
Joined: Wed Jan 18, 2012 3:18 am
Location: London
Contact:

Re: Setting file permissions and groups

Post by theserve » Wed Mar 07, 2012 7:07 am

unfortunately its quite difficult. The PHP scripts get executed as the webserver user (Apache) or as the owner if its running under suexec. I suspect if you have to have 777 permissions for it to work its running under Apache's user. In that case there isn't really a great deal you can do. It's quite common for 777 folders to be exploited. Just make sure your code is well written with security in mind.

User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: Setting file permissions and groups

Post by egami » Wed Mar 07, 2012 11:50 am

Disclaimer: This may sound the wrong way, but I don't intend to insult you



But NEVER EVER EVER put a file 777.
EVER.

In order for files to be uploaded, the DIRECTORY needs to be read/writeable by the webserver user only.
You can control the types of files that are uploaded by your php, using the meta tags of your images. Check php.net/_FILES for more info.

This prevents losers who pick their butts from putting files up and trying to hack your server.

User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: Setting file permissions and groups

Post by egami » Thu Mar 08, 2012 6:20 am

Google.

chmod
chown

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests