If your web-server is setup to read files with .php extension
through PHP engine (it is I guess)
than no body from outside (using HTTP) can't read content of
original PHP file only the output of that particular script.
The only concern you may have is that somebody else on that server
can
Bojan Tesanovic wrote:
Heh you are really new to Linux
permissions on linux are set per user/group/other bases
so for most secure set permissions to read only for web-server user
so
chown 'webserveruser' file.php
chmod 400 file.php
make sure you have root access at server so you can change
Heh you are really new to Linux
permissions on linux are set per user/group/other bases
so for most secure set permissions to read only for web-server user
so
chown 'webserveruser' file.php
chmod 400 file.php
make sure you have root access at server so you can change that file
or make a group
On Thu, August 9, 2007 8:15 pm, jekillen wrote:
>
> On Aug 8, 2007, at 9:34 PM, Richard Lynch wrote:
>
>> On Wed, August 8, 2007 7:52 pm, jekillen wrote:
>> Apache runs as the "User" setting in httpd.conf
>>
>> If that "User" can rwx the files, then PHP can rwx the files.
>>
>> If not, not.
>>
>> I
On Aug 8, 2007, at 9:34 PM, Richard Lynch wrote:
On Wed, August 8, 2007 7:52 pm, jekillen wrote:
I have a question about including php files that are outside of
the web server document root. What permission does Apache
use to access files outside of the document root?
Here is the situation:
I
On Wed, August 8, 2007 7:52 pm, jekillen wrote:
> I have a question about including php files that are outside of
> the web server document root. What permission does Apache
> use to access files outside of the document root?
> Here is the situation:
> I want to store sensitive data such as login/p
jekillen wrote:
Hello again;
I have a question about including php files that are outside of
the web server document root. What permission does Apache
use to access files outside of the document root?
Same as inside the document root afaik.
I want to store sensitive data such as login/pw data
On 3/23/07, Jim Lucas <[EMAIL PROTECTED]> wrote:
Rahul Sitaram Johari wrote:
> Ave,
>
> I¹m not sure if anyone here is going to be able to help, but I¹ve run into a
> permissions snag.
> I have Apache Web Server running on Mac OS X with PHP. I have a folder on a
> windows machine mounted on my Ma
Rahul Sitaram Johari wrote:
Ave,
I¹m not sure if anyone here is going to be able to help, but I¹ve run into a
permissions snag.
I have Apache Web Server running on Mac OS X with PHP. I have a folder on a
windows machine mounted on my Mac OS X as a share using the ³mount t smbfs
//[EMAIL PROTECT
Ave,
I can't believe I'm saying this, but SOLVED it!
Took me about 6 hours, and this one website, with this one little snippet in
one corner of a black & white page on the ENTIRE Internet gave me a solution
with this guy who had the same problem - and he wrote "fixed it for me, hope
it helps some
On 3/22/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
Ave,
> But i think that when remounting the partitition, the permissions are reset
too.
Unfortunately you're absolutely right! The share is re-mounted on a daily
basis (along with a reboot), and thus, even if the 'copy, delete from
ser
Ave,
> But i think that when remounting the partitition, the permissions are reset
too.
Unfortunately you're absolutely right! The share is re-mounted on a daily
basis (along with a reboot), and thus, even if the 'copy, delete from
server, copy to server' process were to work, with every unmount
On 3/22/07, Al <[EMAIL PROTECTED]> wrote:
Get a copy of WinSCP3 or FileZilla ftp utilities, both are free. They will show
you who the owner is for the dirs and files. You can also use a SSH shell
command; but, unless you are already familiar with Unix commands, using the
utilities will be a lot
Get a copy of WinSCP3 or FileZilla ftp utilities, both are free. They will show
you who the owner is for the dirs and files. You can also use a SSH shell
command; but, unless you are already familiar with Unix commands, using the
utilities will be a lot easier and quicker.
To change a file o
Yes, it does appear that samba on mac os x is not taking any configuration
options. I tried different options for the mount_smbfs command which does
have very specific user/owner/group related permissions options - but all
give me the same "operation not supported" error.
Let me take a closer loo
On 3/22/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
Ave,
Certainly looks very promising, but is giving me:
mount_smbfs: -o fmask=: option not supported
Let me google it too, see what I can come up with. Appreciate it a lot mate.
Hmm, i googled a little bit, and i found a norwegian sit
Well chmod is certainly not doing anything. I tried that to begin with. I
don't get an error, but it doesn't change any permissions. Just doesn't do
anything to the permissions of the file/folder. Like it's just ignored.
I did it as root using sudo.
On 3/22/07 12:18 PM, "Tijnema !" <[EMAIL PROT
Ave,
Certainly looks very promising, but is giving me:
mount_smbfs: -o fmask=: option not supported
Let me google it too, see what I can come up with. Appreciate it a lot mate.
On 3/22/07 12:48 PM, "Tijnema !" <[EMAIL PROTECTED]> wrote:
> On 3/22/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> w
On 3/22/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
Well chmod is certainly not doing anything. I tried that to begin with. I
don't get an error, but it doesn't change any permissions. Just doesn't do
anything to the permissions of the file/folder. Like it's just ignored.
I did it as ro
Ave,
"Or make sure the user apache runs on has write access to the share."
That's the problem I'm facing. I'm not sure how to do that. If I'm not
mistaken, Apache runs as user "nobody" on my Mac, but I don't know how to
give that user write access on the Windows Machine.
Yes, it is quite compli
On 3/22/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
Ave,
"Or make sure the user apache runs on has write access to the share."
That's the problem I'm facing. I'm not sure how to do that. If I'm not
mistaken, Apache runs as user "nobody" on my Mac, but I don't know how to
give that user
On 3/22/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
rahul:~/Documents/XFER rjohari$ ls -la osm
total 26548
drwxr-xr-x 1 rjohari rjohari16384 31 Dec 1969 .
drwxr-xr-x 5 rjohari rjohari 170 22 Mar 12:08 ..
-rwxr-xr-x 1 rjohari rjohari21508 13 Sep 2006 .DS_Store
[snip]
rahul:~/Documents/XFER rjohari$ ls -la osm
total 26548
drwxr-xr-x 1 rjohari rjohari16384 31 Dec 1969 .
drwxr-xr-x 5 rjohari rjohari 170 22 Mar 12:08 ..
-rwxr-xr-x 1 rjohari rjohari21508 13 Sep 2006 .DS_Store
-rwxr-xr-x 1 rjohari rjohari 82 14 Sep 2006 ._Temporary Items
On 3/22/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
Ave,
I¹m not sure if anyone here is going to be able to help, but I¹ve run into a
permissions snag.
I have Apache Web Server running on Mac OS X with PHP. I have a folder on a
windows machine mounted on my Mac OS X as a share using the
On Fri, April 21, 2006 3:48 pm, Benjamin Adams wrote:
> I have a text file that is just being read by php
> Can I change the permissions of it so www can not read it?
Yes.
Then PHP cannot read it, if your setup is what I think it is...
> what username does php uses to read files?
That depends.
Benjamin Adams wrote:
I have a text file that is just being read by php
Can I change the permissions of it so www can not read it?
what username does php uses to read files?
Use a .htaccess file, if your web server supports it.
For example, in apache2 you can do this:
Order Allow,Deny
Benjamin Adams wrote:
I have a text file that is just being read by php
Can I change the permissions of it so www can not read it?
what username does php uses to read files?
Usually www, so you could have a bit of a problem there. PHP runs under
the same user Apache does, although there are wa
Jason, Hugh, John,
Thanks for all your help. And thanks Hugh for sending me your FTP
script.
It turns out that the chmod() command was the magic bullet I was
looking for. By placing
chmod ($imageName, 0777)
... into the script right after it places the uploaded file in it's
destinati
On Sunday 30 January 2005 23:04, Dave wrote:
> I'm not sure what you mean when you say "use PHP's FTP". I'm using
> $HTTP_POST_FILES because the files are retrieved through a web form.
What is meant by that is that after the file is uploaded, during your
processing of the upload file, instea
John, Hugh,
I'm not sure what you mean when you say "use PHP's FTP". I'm using
$HTTP_POST_FILES because the files are retrieved through a web form.
As for the user, I would assume that it's whatever default for any
viewer coming to a web page. I have people log in using a user name and
pas
Dave wrote:
PHP List,
The Situation:
I am building a content management system where users can, among
other things, upload images into a directory.
The Problem:
The image uploads fine, but once it's there, it can't be over
written. So if a user uploads an image, and then changes his
Use php's ftp commands.
Hugh
- Original Message -
From: "Dave" <[EMAIL PROTECTED]>
To:
Sent: Saturday, January 29, 2005 11:11 AM
Subject: [PHP] Permissions on uploaded image don't allow for over writing
PHP List,
The Situation:
I am building a content management system where users
Sorry,
I do not know the exect anaswer but i have one rough idea that in PHP we have
one function by which we can run the linux command like
fun_name("")
Actually i used this function long before so i forgot
we can use chmod 777 to our file or any command to change the permissionand by
this w
Hi Phil,
Phil Ewington - 43 Plc wrote:
Hi All,
I have a need for a PHP application to read/write Linux system files that
have root.root ownership. At present reading not a problem but writing
obviously is denied. I know there are probably some serious security issues
here, but what should I be doin
[snip]
I have a need for a PHP application to read/write Linux system files
that
have root.root ownership. At present reading not a problem but writing
obviously is denied. I know there are probably some serious security
issues
here, but what should I be doing to allow this behaviour. I am running
Jason Wong wrote:
> On Tuesday 13 January 2004 06:46, Jas wrote:
>
> [Please trim your posts!]
>
>
>>Just tried that and I am getting the same error. I guess what I am
>>really looking for is a way to have apache restart the service without
>>adding the apache user in the 'sudoers' file.
>
>
On Tuesday 13 January 2004 06:46, Jas wrote:
[Please trim your posts!]
> Just tried that and I am getting the same error. I guess what I am
> really looking for is a way to have apache restart the service without
> adding the apache user in the 'sudoers' file.
If you really must restart system
Jake McHenry wrote:
- Original Message -
From: "Jas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 12, 2004 4:47 PM
Subject: [PHP] permissions with bash scripts in php?
Something I have never tried... seems fairly straight-forward but I am
running into problems.
My p
- Original Message -
From: "Jas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 12, 2004 4:47 PM
Subject: [PHP] permissions with bash scripts in php?
> Something I have never tried... seems fairly straight-forward but I am
> running into problems.
>
> My problem is th
On Tue, 2003-07-08 at 07:21, Steve Jackson wrote:
> If I set permissions of my server root to chmod 777 that's a security
> risk right?
> How do I set my server to allow me to write a file to my web root from
> another directory using PHP? Or is it a Unix problem?
>
> I have a generator file write
Tahnk you,
but I don't want to let web user see the log file
"Nicholas Wieland" <[EMAIL PROTECTED]> wrote in message
20030216011528.GA1411@localhost">news:20030216011528.GA1411@localhost...
> On 2003.02.15 20:11 qt wrote:
> > I am planning to make a log file with fopen command.
> >
> > I am succ
On 2003.02.15 20:11 qt wrote:
I am planning to make a log file with fopen command.
I am succesfully read and write the file with fopen. But as I see
fopen is requiring a file with read and write permission for public.
Not for public, for your webserver user, www-data or another similar
name.
You can use array with the user permissions (stored in a session
variable), and use it someway like
if($_SESSION['perm']['do_that']) echo 'Do that';
Shaun wrote:
Hi
I want to make a secure site. The username , password and permission of the
users must be stored in database.
I only want certai
On Thu, 12 Sep 2002, Breno Cardoso Perucchi wrote:
> system("mkdir /home/hosting/test");
> but the PERMISSION IS DENIED and I am the root on my server.
> How I change the user to root?
Dude, you don't change to the root user ... you'll get yourself owned that
way. Change the permissions on the
I know, but how I change to root user?
--
Atenciosamente
Breno Cardoso Perucchi
[EMAIL PROTECTED]
Consultor - Omega Tecnologia
http://www.omegatec.net/
"Adam Williams" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> you don't. php/apache run as the user nobo
you don't. php/apache run as the user nobody for security purposes.
Adam
On Thu, 12 Sep 2002, Breno Cardoso Perucchi wrote:
> HI,
> I am trying to use a script php with the command:
> system("mkdir /home/hosting/test");
> but the PERMISSION IS DENIED and I am the root o
Jason Wong <[EMAIL PROTECTED]> wrote:
>> I've tried changing the /tmp permissions, but the combinations
>> are considerable, and I don't have time to try them all. I was hoping
>> someone could point me in the right direction.
>
> Set it world readable/writeable?
Oooh, nasty. That should be your
> Dan - It seemed pretty obvious to me too, but again, the ini file
> hasn't changed since the whole thing worked. What has changed are the
> permissions under NT. I've tried changing the /tmp permissions, but
> the combinations are considerable, and I don't have time to try them
> all. I was h
On Tuesday 07 May 2002 21:58, brent wrote:
> At 02:30 PM 5/7/02 +0100, you wrote:
> > > Help. I've managed to hose myself. I had this page working fine until I
> > > went in and screwed up my users under NT4. I can't backtrack and
> > > figure out what I changed. Can anyone point me in the right
At 02:30 PM 5/7/02 +0100, you wrote:
> > Help. I've managed to hose myself. I had this page working fine until I
> > went in and screwed up my users under NT4. I can't backtrack and
> > figure out what I changed. Can anyone point me in the right direction?
> > Is this a permissions issue? Thank
On Tuesday 07 May 2002 21:30, Dan Hardiker wrote:
> Ok, sorry if Im gonna sound a little blunt, but the following error message
> looks rather obvious to me.
>
> > Warning: Failed to write session data (files). Please verify that the
> > current setting of session.save_path is correct (/tmp) in Un
> Help. I've managed to hose myself. I had this page working fine until I
> went in and screwed up my users under NT4. I can't backtrack and
> figure out what I changed. Can anyone point me in the right direction?
> Is this a permissions issue? Thanks.
Ok, sorry if Im gonna sound a little blun
andy thomas wrote:
>
> PHP will always run as the same user as Apache runs as.
>
true in Apache 1.3 and 2.0's prefork and worker mode. Not so in
perchild (once it starts working :) )
--
===
Jim Jagielski [|] [EMAI
On Mon, 4 Mar 2002, John Gurley wrote:
> Can someone pleas tell me if there is something funny when it comes to unix
> permissions and PHP. When php creates a file in unix the owner is
> nobody...does this raise any issues, and if it does could someone please
> tell me a web site where I could
Apache, and therefore PHP are running under the nobody account on your
machine therefore files are created by the nobody user.
You can read up on permissions by using man chmod, man chown, man chgrp.
Check www.apache.org's excellent documentation for more info on how Apache
interacts with the OS
Justin,
If your PHP script is placing the files there, they are owned by the 'web'
user. The web user doesn't have permission to change the file ownership
to you, but for your purposes all you should need to do is change the file
permissions in your PHP script after the file is uploaded:
chmod(
So sprach »Power Programmer« am 2001-09-14 um 13:06:05 -0700 :
> What permissions would I set a php file to that could only be ready by
> somebody logged into the server as root but still be executed via a website?
root can always read each and everything, so you don't have to care
about this "us
If Apache/php runs under nobody user, than make all files read only by the group of
nobody, and no other users to be in this group.
Andrey Hristov
IcyGEN Corporation
http://www.icygen.com
99%
- Original Message -
From: "Pascal Chouinard" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sen
58 matches
Mail list logo