Would this prevent other PHP users from including files in my include directory?

11/20/2002 1:45:08 PM, Ernest E Vogelsinger <[EMAIL PROTECTED]> wrote:

>At 19:49 20.11.2002, Dennis Gearon said:
>--------------------[snip]--------------------
>>Please B/CC me, thank you.
>>
>>I am on a site that has all the files in both the /home/sitename/www/
>>directory and a directory
>>we'll call /home/directory/includes/ with the following permissions:
>>
>>    rwxr-x--r
>>
>>The group I have in /etc/group does not have anyone in it, including me.
>>
>>The server reads everything fine and the php engine can include fine from the
>>/home/sitename/includes/ directory.
>>
>>The problem is, everyone else on the site can read the includes directory as
>>well, including my
>>database password file which gets included.
>
>You should set the owner and group of the includes directory correctly,
>in addition to the file permissions.
>
>If you want only apache (and PHP) to be able to read from the includes
>directory, and only you may add/modify, you should (assuming dgearon is your
>username):
>
>    chown dgearon:apache /home/sitename/include/.
>    chown -R dgearon:apache /home/sitename/include/*
>    chmod 750 /home/sitename/include/.
>    chmod -R 640 /home/sitename/include/*
>
>This will make your account the owner of the directory and all files, and
>the group "apache" the owning group. Only the owner may list and modify the
>directory and files, and only the owner and the owning group may read the
>directory and its files. All others are blocked access.
>
>>What I would like to set up is:
>>
>>    [1] the apache/php engine can include from the
>>        includes directory, but not just spit it out.
>>        I think that is taken care of by the
>>        .htaccess file already.
>
>See my comment above
>
>>    [2] the apache/php process is in my group,
>>        and everything I want to go out has
>>        the group permissions set to rwx--r---
>>        (do php/html/inc files also have to be
>>        executable to be served?)
>
>no, they are read by the web server, not executed
>
>>    [3] 'everyone' does not have the ability to read
>>        my files on myserver.
>
>set the last permission number to zero (see above). The last number stands
>for "world" which means all others that are not owner or ownergroup.
>
>
>
>--
>   >O Ernest E. Vogelsinger
>   (\) ICQ #13394035
>    ^ http://www.vogelsinger.at/
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
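
The owner/group/world scheme from the reply above, as an added example that is not part of the original thread. It goes one step beyond the quoted commands by treating directories and files separately (a subdirectory needs the execute bit to be traversed, so it gets 750 while files get 640) and then audits that the "world" digit is zero everywhere. The function names `lock_down`, `world_accessible` and `make_sample` are hypothetical, and the directory tree is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). The tree built below is constructed.

# lock_down DIR [GROUP]
# Directories get 750 (group needs x to traverse), files get 640.
# GROUP is optional: chgrp only works for root or a member of GROUP.
lock_down() {
    dir=$1
    group=${2:-}
    if [ -n "$group" ]; then
        chgrp -R "$group" "$dir" || return 1
    fi
    find "$dir" -type d -exec chmod 750 {} + &&
    find "$dir" -type f -exec chmod 640 {} +
}

# world_accessible DIR
# Print every entry on which "other" still holds r, w or x.
# Empty output means the last permission digit is 0 everywhere.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# make_sample: constructed include tree with typical loose modes (755/644).
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/include/lib"
    echo '<?php $db_pass = "placeholder"; ?>' > "$root/include/db.inc"
    echo '<?php /* helper */ ?>' > "$root/include/lib/util.inc"
    chmod 755 "$root/include" "$root/include/lib"
    chmod 644 "$root/include/db.inc" "$root/include/lib/util.inc"
    echo "$root"
}

demo() {
    root=$(make_sample) || return 1
    echo "world-accessible before:"; world_accessible "$root/include"
    lock_down "$root/include"
    echo "world-accessible after (expect none):"; world_accessible "$root/include"
    rm -rf "$root"
}
demo
```

The files remain readable by the owning group, so this scheme shuts out other shell accounts but not any process that runs with the web server's group.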