|
|
Posted by Ugo Bellavance on 02/12/05 05:28
Hi,
Please forgive me if this specific question has already been
addressed, but I'm doing tests to figure out what are the minimal
permissions I can give on my files and folders for a PHP application and
I just can't find it (even by searching this list). Feel free to
redirect me to existing documentation that I woule have missed, if needed.
My config: Apache2 on RHEL, php-4.3.2-19. The server runs as
apache.apache. I have a test server and a prod servers. On the test
server, one developper accesses the files directly in his home (userdir
activated). On my production server, the application is located in a
subfolder of the document root (/var/www/html/) and files are tarred on
the test server, copied using sftp (to my user account) mv'ed into
/var/www/html and then untarred. This server is not shared by external
users, so it is usually only root that can put content in the DocRoot.
According to my tests, we need read permissions for php files to be
processed by apache, and we need execute (and read) permissions on
direcories. For directories in which php uploads (images) or create
(pdf) files, it needs write permissions on the directory.
I'm curious about the reason why it needs execute permissions on
directory. According to the documentation, 'x' on directories allows to
'search' a direcory. Isn't 'r' enough? That allows php to read the
directory listing... However, this is not my main concern...
So here it is: If the needed permissions for standard PHP files and
directories are 'r' on files and 'r-x' on directories, how can I set my
umask so that files and directories are always created as such? I
looked up 'man umask' and it seems to treat files and directories the
same way. Maybe that is impossible, but I logged in via FTP to a server
of a web hosting company, and it implements just this: creates
directories as rwxr-xr-x and files as rw-r--r--.
Another thing... how should I configure ownership on the files?
root as owner, apache as group and no permissions for others?
Thanks for taking the time to read such a long post.
Regards,
Ugo
Navigation:
[Reply to this message]
|