|
|
Posted by Richard Lynch on 10/01/07 11:05
Jason Morehouse wrote:
> Hello. I'm not sure if this is an apache problem or php... but
> wondering if anyone has come across the same problem.
>
> -rw------- 1 root root test.html
> -rw------- 1 root root test.php
>
> Trying to access test.html via a browser servers up the apache 403 error
> page. The test.php however produces:
>
> Warning: Unknown: failed to open stream: Permission denied in Unknown on
> line 0 Warning: Unknown: Failed opening '/www/test.php' for inclusion
> (include_path='.:/www/php') in Unknown on line 0
>
> Any ideas?
Apache (and the PHP Module within it) run as a specific user.
That user is not (and SHOULD NOT be) 'root'
You need to figure out what user Apache runs as.
It's set in httpd.conf by the 'User' directive.
Because Apache/PHP does not run as 'root', Apache/PHP do not have
permission to *READ* the file.
If they can't *READ* the file, they can't deliver it to the surfer.
You need to change the permissions on the file to be *READABLE* by the
'User' of Apache/PHP.
Example
chmod 644 test.html
chmod 644 test.php
However, it would probably be even *better* to chown the files to some
less-powerful user than 'root'
chown _SOME_USER_ test.html
chown _SOME_USER_ test.php
You'll *still* need them to be read-able by Apache/PHP -- But in the
unlikely event that somebody Evil manages to gain write-access to the
files, at least they won't be root-owned, which would be even *worse* than
just a normal user's files getting hacked.
You really need to read a tutorial on Unix file permsissions, and you have
*GOT* to stop making HTML and PHP files as 'root' user!
Danger Will Robinson Danger!
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|