|
Posted by Bret Hughes on 10/04/23 11:05
On Mon, 2005-01-10 at 15:21, Jason Morehouse wrote:
> Jonel Rienton wrote:
> > man chmod, i gather you're new to linux/*nix
>
> I don't need a lesson in file permissions, thanks. Apache runs as
> nobody. The problem isn't trying to get apache to display test.php,
> it's having it display the proper 403 error page, rather than a php
> error when it doesn't have access to a page.
>
> Each page, test.html and test.php have the same permissions. The html
> page gives the expected 403 error message when I try and access it
> (thats what I want). The other, php script doesn't. This is a security
> concern for me as it reveals paths on my system in the event a page has
> the wrong permissions. Why does apache not server the 403 on the php
> page? Maybe this is better off in the apache list.
Ahh. well I guess everyone got a refresher on *nix perms at least :) I
see what you are concerned about but am wondering if relying on the
underlying file system perms is a good thing to begin with. Still, I
have no answer for your question. It is an interesting one and I hope
you will enlighten us once you find the answer.
FWIW it sounds to me to be a php issue. Apache sees the php extension
and passes it off to php who then pukes on the perms.
Bret
Navigation:
[Reply to this message]
|