RE: [PHP] Access rights for php files on Linux?
For a little bit more security, you could find out what user apache is running as (look in httpd.conf), and chown the file to that user:group and set permissions 400. (So that only the apache process can read the file)

However, this is not very secure, because a CGI script could still read your file. (Any file that is readable by the webserver is, in essence, readable by any script being executed by that webserver - which, to say the least, can be a rather large security problem)

> -Original Message-
> From: Michael Geier [mailto:[EMAIL PROTECTED]]
> Subject: Re: [PHP] Access rights for php files on Linux?
>
> Use include files to pass your authentication information.
>
> <?php
> include('auth.php');
> ?>
>
> auth.php:
> <?php
> $username="foo";
> $password="bar";
> ?>
>
> put auth.php in your home directory with you as owner and apache group id
> as group, or create a group that contains you and apache user (probably
> 'nobody').
>
> $> chmod 740 /your/home/dir/auth.php
>
> On Wed, 19 Dec 2001, Daniel Fassnauer wrote:
>
> > Well, I have encountered a problem which is quite big (for me), so I hope
> > I find help here.
> > My setup is a Linux Machine, running Apache with php as a module.
> > In order for the webserver to parse the file, I have to give read
> > permission to world.
> > This is a problem, because about 100 people have shell access and could
> > then just cat /www/myphpfile.php, and would thus get passwords which I
> > don't want to share (like mysql password in the phpmyadmin config file)
> > and general access to my code. Also, the different users on the machine
> > want to be able to host php files with everyone else being able to read
> > them. Is there any way I can actually do that?
> > I must say that I am rather new to all this stuff, so I am really
> > confused as what to do, and I would appreciate any help..
> > Thanks in advance...
> >
> > Daniel

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Access rights for php files on Linux?
Use include files to pass your authentication information.

auth.php:

put auth.php in your home directory with you as owner and apache group id as group, or create a group that contains you and apache user (probably 'nobody').

$> chmod 740 /your/home/dir/auth.php

On Wed, 19 Dec 2001, Daniel Fassnauer wrote:

> Well, I have encountered a problem which is quite big (for me), so I hope
> I find help here.
> My setup is a Linux Machine, running Apache with php as a module.
> In order for the webserver to parse the file, I have to give read
> permission to world.
> This is a problem, because about 100 people have shell access and could
> then just cat /www/myphpfile.php, and would thus get passwords which I
> don't want to share (like mysql password in the phpmyadmin config file)
> and general access to my code. Also, the different users on the machine
> want to be able to host php files with everyone else being able to read
> them. Is there any way I can actually do that?
> I must say that I am rather new to all this stuff, so I am really
> confused as what to do, and I would appreciate any help..
> Thanks in advance...
>
> Daniel

Re: [PHP] Access rights for php files on Linux?
Your scripts have to be readable by your apache user/group; if it can't read them then it can't run them.

Now as for being allowed to only view files of yours, you would want to place the apache user in your group. This will give it access to read your files, but so will others running apache, i.e. a person writes a php script that is run by apache and then can read your files because the process is running as the apache user which can see your files.

So, to answer your question, no, there isn't a simple way to do this.

- Original Message -
From: "Daniel Fassnauer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 18, 2001 4:56 PM
Subject: [PHP] Access rights for php files on Linux?

> Well, I have encountered a problem which is quite big (for me), so I hope
> I find help here.
> My setup is a Linux Machine, running Apache with php as a module.
> In order for the webserver to parse the file, I have to give read
> permission to world.
> This is a problem, because about 100 people have shell access and could
> then just cat /www/myphpfile.php, and would thus get passwords which I
> don't want to share (like mysql password in the phpmyadmin config file)
> and general access to my code. Also, the different users on the machine
> want to be able to host php files with everyone else being able to read
> them. Is there any way I can actually do that?
> I must say that I am rather new to all this stuff, so I am really
> confused as what to do, and I would appreciate any help..
> Thanks in advance...
>
> Daniel
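
Added example, not part of the thread: a POSIX shell audit for the exposure discussed above. It lists PHP files that assign a password-like variable and reports whether their mode bits let world, group or only the owner read them. The function names, the variable-name pattern and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# True if FILE has every permission bit of octal MASK set (POSIX find -perm).
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Classify who may read FILE according to its mode bits alone.
exposure() {
    if has_perm "$1" 004; then
        echo world      # every shell account on the box can cat it
    elif has_perm "$1" 040; then
        echo group      # every member of the file's group
    else
        echo owner      # the owner (and root) only
    fi
}

# Print "class path" for each *.php file under DIR that assigns a
# password-like variable (assumed pattern: $...pass... = ).
scan_secrets() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        if grep -Eqi '\$[A-Za-z_]*pass[A-Za-z_]*[[:space:]]*=' "$f"; then
            printf '%s %s\n' "$(exposure "$f")" "$f"
        fi
    done
}

# Constructed sample tree: three copies of the thread's auth.php with
# different modes, plus a page that holds no credentials.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '<?php\n$username="foo";\n$password="bar";\n?>\n' > "$d/a_world.php"
    cp "$d/a_world.php" "$d/b_group.php"
    cp "$d/a_world.php" "$d/c_owner.php"
    printf '<?php echo "hello"; ?>\n' > "$d/page.php"
    chmod 644 "$d/a_world.php" "$d/page.php"
    chmod 640 "$d/b_group.php"
    chmod 400 "$d/c_owner.php"
    echo "$d"
}

# Demo run on the constructed tree.
tree=$(make_sample) && scan_secrets "$tree" && rm -rf "$tree"
```

The class reflects mode bits only: a file reported as group or owner is still readable by every script the web server executes when the web server user is that owner or a member of that group.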