11/20/2002 1:45:08 PM, Ernest E Vogelsinger <[EMAIL PROTECTED]> wrote:

>At 19:49 20.11.2002, Dennis Gearon said:
>>Please B/CC me, thank you.
>>I am on a site that has all the files in both the /home/sitename/www/ 
>>directory and a directory 
>>we'll call /home/directory/includes/ with the following permissions:
>>     rwxr-x--r
>>The group I have in /etc/group does not have anyone in it, including me.
>>The server reads everything fine and the php engine can include fine from the 
>>/home/sitename/includes/ directory.
>>The problem is, everyone else on the site can read the includes directory as 
>>well, including my 
>>database password file which gets included.
>You should set the owner and group of the includes directory correctly,
>in addition to the file permissions.
>If you want only apache (and PHP) to be able to read from the includes
>directory, and only you may add/modify, you should (assumed dgearon is your
>    chown dgearon:apache /home/sitename/include/.
>    chown -R dgearon:apache /home/sitename/include/*
>    chmod 750 /home/sitename/include/.
>    chmod -R 640 /home/sitename/include/*
>This will make your account the owner of the directory and all files, and
>the group "apache" the owning group. Only the owner may list and modify the
>directory and files, and only the owner and the owning group may read the
>directory and its files. All others are blocked access.
>>What I would like to set up is:
>>       [1] the apache/php engine can include from the
>>               includes directory, but not just spit it out.
>>               I think that is taken care of by the
>>               .htaccess file already.
>See my comment above
>>       [2] the apache/php process is in my group,
>>               and everything I want to go out has
>>               the group permissions set to rwx--r---
>>               (do php/html/inc files also have to be
>>               executable to be served?)
>no, they are read by the web server, not executed
>>       [3] 'everyone' does not have the ability to read
>>               my files on my server.
>set the last permission number to zero (see above). The last number stands
>for "world" which means all others that are not owner or ownergroup.
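
The ownership and mode scheme from the reply above, as an added example that is not part of the original thread: it generalizes the four commands to nested subdirectories and dotfiles (directories get 750, regular files 640) and adds an audit that lists anything still accessible to "other". The function names are hypothetical; the directory and the web server's group are assumptions passed in by the caller.

```shell
#!/bin/sh
# Added example: audit and tighten an includes directory.
# Function names are hypothetical; DIR and GROUP come from the caller.

# List every non-symlink entry under DIR that grants read, write or
# execute to "other" (the last digit of the octal mode).
audit_includes() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of entries audit_includes reports for DIR.
count_world_accessible() {
    audit_includes "$1" | wc -l | tr -d ' '
}

# harden_includes DIR [GROUP]
# Directories become 750 so owner and group can still traverse them,
# regular files become 640, and "other" loses all access. If GROUP is
# given (for example the group the web server runs as), it becomes the
# owning group of everything under DIR.
harden_includes() {
    dir=$1
    group=${2:-}
    # Refuse a missing path or a symlink, so a link planted by another
    # local user cannot redirect the change to a different tree.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "harden_includes: $dir is not a real directory" >&2
        return 1
    fi
    if [ -n "$group" ]; then
        # -h changes a symlink itself instead of following it.
        find "$dir" -exec chgrp -h "$group" {} + || return 1
    fi
    # find walks dotfiles and nested directories, which a shell glob
    # such as DIR/* would skip or treat like plain files.
    find "$dir" -type d -exec chmod 750 {} + || return 1
    find "$dir" -type f -exec chmod 640 {} + || return 1
}
```

Run `audit_includes` before and after `harden_includes`; an empty listing afterwards means no entry in the tree is readable by other accounts on the host.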
