[PHP] web server and permissions

2002-11-20 Thread Dennis Gearon
Please B/CC me, thank you.

I am on a site that has all the files in both the /home/sitename/www/ directory and a 
directory we'll call /home/directory/includes/ with the following permissions:

 rwxr-x--r

The group I have in /etc/group does not have anyone in it, including me.

The server reads everything fine and the php engine can include fine from the 
/home/sitename/includes/ directory.

The problem is, everyone else on the site can read the includes directory as well, 
including my database password file which gets included.

What I would like to set up is:

[1] the apache/php engine can include from the
includes directory, but not just spit it out.
I think that is taken care of by the
.htaccess file already.

[2] the apache/php process is in my group,
and everything I want to go out has
the group permissions set to rwx--r---
(do php/html/inc files also have to be
 executable to be served?)

[3] 'everyone' does not have the ability to read
my files on my server. 

Is this the way to do it? What is the normal way permissions are set up for 
users/apache/groups/everyone?



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] web server and permissions

2002-11-20 Thread Ernest E Vogelsinger
At 19:49 20.11.2002, Dennis Gearon said:
[snip]
> Please B/CC me, thank you.
>
> I am on a site that has all the files in both the /home/sitename/www/
> directory and a directory we'll call /home/directory/includes/ with the
> following permissions:
>
>  rwxr-x--r
>
> The group I have in /etc/group does not have anyone in it, including me.
>
> The server reads everything fine and the php engine can include fine from the
> /home/sitename/includes/ directory.
>
> The problem is, everyone else on the site can read the includes directory as
> well, including my database password file which gets included.

You should set the owner and group of the includes directory correctly,
in addition to the file permissions.

If you want only apache (and PHP) to be able to read from the includes
directory, and only you may add/modify, you should (assuming dgearon is your
username):

chown dgearon:apache /home/sitename/include/.
chown -R dgearon:apache /home/sitename/include/*
chmod 750 /home/sitename/include/.
chmod -R 640 /home/sitename/include/*

This will make your account the owner of the directory and all files, and
the group apache the owning group. Only the owner may list and modify the
directory and files, and only the owner and the owning group may read the
directory and its files. All others are blocked access.

> What I would like to set up is:
>
>    [1] the apache/php engine can include from the
>    includes directory, but not just spit it out.
>    I think that is taken care of by the
>    .htaccess file already.

See my comment above

>    [2] the apache/php process is in my group,
>    and everything I want to go out has
>    the group permissions set to rwx--r---
>    (do php/html/inc files also have to be
>    executable to be served?)

no, they are read by the web server, not executed

>    [3] 'everyone' does not have the ability to read
>    my files on my server.

set the last permission number to zero (see above). The last number stands
for world which means all others that are not owner or ownergroup.



-- 
   O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/
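
The ownership and mode scheme from the reply above, as an added example that is not part of the original post: it goes one step further and sets directories and files separately, so sub-directories keep the search bit that a recursive chmod 640 would remove. The temporary tree, the file names and the two function names are constructed for illustration; pass the web server's group (apache in the reply) as the second argument when running with enough privilege to change it.

```shell
#!/bin/sh
# Added example: paths, file names and function names are constructed.

# harden_includes DIR [GROUP]
# Owner keeps full control, GROUP may read, everyone else gets nothing.
harden_includes() {
    dir=$1
    group=${2:-}
    # Handing files to a group you are not a member of needs root.
    if [ -n "$group" ]; then
        chgrp -R "$group" "$dir" || return 1
    fi
    # Directories need the execute (search) bit to be entered: 750.
    find "$dir" -type d -exec chmod 750 {} + || return 1
    # Include files are only read by the server, never executed: 640.
    find "$dir" -type f -exec chmod 640 {} + || return 1
}

# world_accessible DIR
# Print every entry under DIR that grants any permission bit to "others".
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# demo: build a constructed includes tree in the exposed state, then fix it.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/includes/lib"
    printf '<?php $db_pass = "constructed-sample"; ?>\n' \
        > "$tmp/includes/db_password.inc"
    printf '<?php /* helper */ ?>\n' > "$tmp/includes/lib/util.inc"
    chmod 755 "$tmp/includes" "$tmp/includes/lib"
    chmod 644 "$tmp/includes/db_password.inc" "$tmp/includes/lib/util.inc"

    echo "before: $(world_accessible "$tmp/includes" | wc -l) entries open to others"
    harden_includes "$tmp/includes"
    echo "after:  $(world_accessible "$tmp/includes" | wc -l) entries open to others"
    rm -rf "$tmp"
}

demo
```

Group read access goes to the account the web server runs as, so every script that server executes reads these files with the same rights.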







Re: [PHP] web server and permissions

2002-11-20 Thread Dennis Gearon
Would this prevent other PHP users from including files in my include directory?





Re: [PHP] web server and permissions

2002-11-20 Thread Ernest E Vogelsinger
At 23:37 20.11.2002, Dennis Gearon said:
[snip]
> Would this prevent other PHP users from including files in my include
> directory?
[snip] 

No - even if _they_ cannot read your include files, they add the include()
directive, and PHP will be able to read the file.


-- 
   O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/


