Solved

permissions on file in directory for apache to use but not user to see

Posted on 2004-04-04
Last Modified: 2010-04-20
I have some files in a directory and I would like to hide the PHP code from the user who logs in via FTP.

He has permissions for everything but writing to his home directory's PHP files, which I wrote.
He can still read them, but as soon as I chmod them to no read the website says access forbidden. I'm guessing that Apache needs some type of special read permissions.

Also, is there a way to make it so that if someone makes a PHP file and uploads it, it cannot read the other PHP files I wrote?

Here are the current directory permissions on the PHP files:
-rwxrwxr-x    1 jasonb   jasonb       6496 Feb 24 04:06 index.php
-rwxrwxr-x    1 jasonb   jasonb       2541 Feb 19 01:06 leftsideframe.php
-rwxrwxr-x    1 jasonb   jasonb        492 Feb 19 01:06 main.php
-rwxrwxr-x    1 jasonb   jasonb       5320 Mar  4 03:23 markfunctions.php
-rwxrwxr-x    1 jasonb   jasonb       4890 Feb 19 01:06 new.php
-rwxrwxr-x    1 jasonb   jasonb       8876 Mar  5 01:04 orderprints.php
-rwxrwxr-x    1 jasonb   jasonb       1408 Feb 24 04:06 pagevisit.php
-rwxrwxr-x    1 jasonb   jasonb       1406 Feb 19 01:06 rightsideframe.php
-rwxrwxr-x    1 jasonb   jasonb       3704 Mar  4 03:24 setupcontactsheets.php
-rwxrwxr-x    1 jasonb   jasonb       5875 Feb 19 01:06 test.php
Question by:aot2002
9 Comments
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10751465
With what user id / group id is your Apache server running? Once you know that, use this information to change the owner and/or group for your PHP files and make sure that you don't give any rights to the world. Let's say, your server runs as "wwwrun". You can protect your PHP files by using these commands:

chown wwwrun *.php
chmod 700 *.php

I don't think you can prevent other PHP files from accessing your PHP files. Once they are started, they run under the same user ID, and can therefore access these scripts.

0
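Added example, not part of the thread: a small shell model of the owner/group/other check, applied to the listing in the question, showing why dropping world-read yields the Forbidden error and what the `chown`/`chmod 700` suggestion changes. The `www` group for `wwwrun` and the `ftpuser` account are assumptions; root and ACLs are ignored.

```shell
#!/bin/sh
# Added illustration; not code from the thread.
# Assumptions: Apache runs as wwwrun (group www), the FTP login is a
# hypothetical "ftpuser", nobody is root, and no ACLs are in use.

# can_read MODE OWNER GROUP USER "USER_GROUPS" -> prints yes or no.
# Only one permission class is consulted, with no fall-through:
# owner if USER owns the file, else group if USER is a member, else other.
can_read() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = "$owner" ]; then
        cols=2-4
    else
        case " $user_groups " in
            *" $group "*) cols=5-7 ;;
            *)            cols=8-10 ;;
        esac
    fi
    bits=$(printf '%s' "$mode" | cut -c"$cols")
    case $bits in
        r*) echo yes ;;
        *)  echo no ;;
    esac
}

# report LABEL MODE OWNER GROUP: who can read a file in that state
report() {
    printf '%-24s %s %s:%s\n' "$1" "$2" "$3" "$4"
    printf '  wwwrun=%s ftpuser=%s jasonb=%s\n' \
        "$(can_read "$2" "$3" "$4" wwwrun www)" \
        "$(can_read "$2" "$3" "$4" ftpuser ftpuser)" \
        "$(can_read "$2" "$3" "$4" jasonb jasonb)"
}

report "as listed"               -rwxrwxr-x jasonb jasonb
# One reading of "chmod them to no read": world-read removed.
report "after chmod o-r"         -rwxrwx--x jasonb jasonb
report "chown wwwrun, chmod 700" -rwx------ wwwrun jasonb
```

The last state also locks `jasonb` out of his own files, since he is no longer the owner and the group bits are empty.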
 
LVL 1

Author Comment

by:aot2002
ID: 10752863
>>Once they are started, they run under the same user ID, and can therefore access these scripts.

Yeah, but isn't it true that if that user uploads the files he doesn't have access to Apache?
Or can I prevent him from accessing anything that Apache does?

0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10753359
I don't understand your question. If a user uploads a .php file, and your server is configured so that it executes .php files in the user's home directory, the Apache process can potentially access your php files and get access to the scripts. Unlikely, but not impossible.
0
 
LVL 1

Author Comment

by:aot2002
ID: 10754572
But would it also be true that the user would upload and his username would be marked as the owner of the file?

If he is the owner and he doesn't have permission, then how can he execute a script?
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10755916
The owner of the file is not important, it's the execute permissions that will cause the problem.
0
 
LVL 1

Author Comment

by:aot2002
ID: 10756161
What if he doesn't have file-changing permissions?
Basically, he can upload but not change file permissions?

Is this possible?
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10756549
How do your users upload files to the server?
0
 
LVL 1

Author Comment

by:aot2002
ID: 10760409
FTP. I'm running vsftpd.
0
 
LVL 44

Accepted Solution

by:
Karl Heinz Kremer earned 30 total points
ID: 10762527
The FTP protocol does allow modifying the file mode on the server. You have to make sure that your users' directories are marked as not-executable on the Web server level. Apache does this with -ExecCGI in the Options command.
0
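Added example, not part of the thread: a shell audit for the two points in the accepted answer, reporting whether a vsftpd configuration leaves `SITE CHMOD` available (the `chmod_enable` option, which defaults to YES for local users) and which uploaded files carry execute bits. The fixture paths, file names and config contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; not code from the thread. All paths are constructed.

# site_chmod_enabled CONF -> prints YES or NO.
# vsftpd allows SITE CHMOD for local users unless chmod_enable=NO is set;
# the last assignment in the file is the one used here.
site_chmod_enabled() {
    val=$(sed -n 's/^chmod_enable=//p' "$1" | tail -n 1)
    case $val in
        [Nn][Oo]) echo NO ;;
        *)        echo YES ;;   # absent or anything else: treat as enabled
    esac
}

# executable_uploads DIR -> regular files under DIR with any execute bit,
# i.e. what an FTP user can create when SITE CHMOD is available.
executable_uploads() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# Constructed fixture: a fake user web directory and two vsftpd configs.
build_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/public_html"
    printf '<?php echo 1; ?>\n' > "$d/public_html/page.php"
    printf '#!/bin/sh\n'        > "$d/public_html/tool.cgi"
    chmod 644 "$d/public_html/page.php"
    chmod 755 "$d/public_html/tool.cgi"   # as if set via SITE CHMOD
    printf 'local_enable=YES\nwrite_enable=YES\n' > "$d/vsftpd.default.conf"
    printf 'local_enable=YES\nchmod_enable=NO\n'  > "$d/vsftpd.hardened.conf"
    echo "$d"
}

fx=$(build_fixture)
echo "default conf:  SITE CHMOD $(site_chmod_enabled "$fx/vsftpd.default.conf")"
echo "hardened conf: SITE CHMOD $(site_chmod_enabled "$fx/vsftpd.hardened.conf")"
echo "files with execute bits:"
executable_uploads "$fx/public_html"
rm -rf "$fx"
```

`Options -ExecCGI` governs CGI handlers; PHP loaded as an Apache module reads scripts without needing execute bits, so this audit covers the CGI path only.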

Question has a verified solution.
