Solved

permissions on file in directory for apache to use but not user to see

Posted on 2004-04-04
9
318 Views
Last Modified: 2010-04-20
i have some files in a directory and i would like to hide the php code from the user who logs in via ftp.

he has permissions for everything but writing to his home directorys php files which i wrote.
he can still read them but as soon as i chmod them to no read the website says access forbidden, im guessing that apache needs some type of special read permissions.


also is there a way too if someone makes a php file and uploads it that it cannot read the other php files i wrote.

heres the current directory permissons on the php files
-rwxrwxr-x    1 jasonb   jasonb       6496 Feb 24 04:06 index.php
-rwxrwxr-x    1 jasonb   jasonb       2541 Feb 19 01:06 leftsideframe.php
-rwxrwxr-x    1 jasonb   jasonb        492 Feb 19 01:06 main.php
-rwxrwxr-x    1 jasonb   jasonb       5320 Mar  4 03:23 markfunctions.php
-rwxrwxr-x    1 jasonb   jasonb       4890 Feb 19 01:06 new.php
-rwxrwxr-x    1 jasonb   jasonb       8876 Mar  5 01:04 orderprints.php
-rwxrwxr-x    1 jasonb   jasonb       1408 Feb 24 04:06 pagevisit.php
-rwxrwxr-x    1 jasonb   jasonb       1406 Feb 19 01:06 rightsideframe.php
-rwxrwxr-x    1 jasonb   jasonb       3704 Mar  4 03:24 setupcontactsheets.php
-rwxrwxr-x    1 jasonb   jasonb       5875 Feb 19 01:06 test.php
0
Comment
Question by:aot2002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10751465
With what user id / group id is your Apache server running? Once you know that, use this information to change the owner and/or group for your PHP files and make sure that you don't give any rights to the world. Let's say, your server runs as "wwwrun". You can protect your PHP files by using these commands:

chown wwwrun *.php
chmod 700 *.php

I don't think you can prevent other PHP files from accessing your PHP files. Once they are started, they run under the same user ID, and can therefore access these scripts.

0
 
LVL 1

Author Comment

by:aot2002
ID: 10752863
>>Once they are started, they run under the same user ID, and can therefore access these scripts.

Yea but isnt it true that if that user uploads the files he doesnt have access to apache
or can i prevent him from accessing anything that apache does.

0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10753359
I don't understand your question. If a user uploads a .php file, and your server is configured so that it executes .php files in the user's home directory, the Apache process can potentially access your php files and get access to the scripts. Unlikely, but not impossible.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:aot2002
ID: 10754572
but would it also be true the user would upload and his username would be marked as the owner of the file !

if he is the owner and he doesnt have permission then how can he execute a script?
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10755916
The owner of the file is not important, it's the execute permissions that will cause the problem.
0
 
LVL 1

Author Comment

by:aot2002
ID: 10756161
what if he doesnt have file changing permissions ?
basically he can upload but not change file permissions?

Is this possible?
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10756549
How do your users upload files to the server?
0
 
LVL 1

Author Comment

by:aot2002
ID: 10760409
ftp   im running vsftpd
0
 
LVL 44

Accepted Solution

by:
Karl Heinz Kremer earned 30 total points
ID: 10762527
The ftp protocol does allow to modify the file mode on the server. You have to make sure that your user's directories are marked as not-executable on the Web server level. Apache does this with -ExecCGI in the Options command.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question