|
Posted by Richard Lynch on 10/09/89 11:08
Ugo Bellavance wrote:
> If the needed permissions for standard PHP files and directories are
> 'r' on files and 'r-x' on directories, how can I set my umask so that
> files and directories are always created as such? I looked up 'man
> umask' and it seems to treat files and directories the same way. Maybe
> that is impossible, but I logged in via FTP to a server of a web hosting
> company, and it implements just this: creates directories as rwxr-xr-x
> and files as rw-r--r--.
>
> Another thing... how should I configure ownership on the files?
> root as owner, apache as group and no permissions for others?
Do NOT make root as owner, unless you really really really need to.
If somebody manages to alter the contents of the file, and then manages to
make it executable, you no longer own that computer, they do.
In fact, make the files owned by the apache user is what I would
recommend, unless you really have a hard-core reason not to, PLUS you have
considered all the ramifications.
If files need to be owned by somebody else for some reason, they STILL
should NEVER have to be owned by root -- or else you've got some serious
security issues to consider.
It's better to create a new user, with very limited and specific abilities
to do the minimum they need to do, than to just go using 'root' access for
things.
I don't know what umask does, and I don't know what your FTP host does,
but I do know that you can use 'find' and its '-exec' flag to change
directories and files differently in a cron job if you need to do that.
They'll have the wrong permissions for the brief period that they are
created.
Or, when you create the file, you can change its permissions at the time
of creation, which is probably what the FTP program does.
umask is handy, but not the "answer" to every need.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|