Security of web files chmod

Posted on 2005-04-23
Medium Priority
Last Modified: 2013-12-04
I am using a web host that supports php and mysql.  In one of the files is a php script that accesses my database; the password is embedded in the script.  Using CHMOD, what are the correct file permissions to have for this file?  I have owner - rwx, group x and other x, is this correct - 711?   I do not want the server side code to be read by anyone, so the web host company suggested 444, which I am unsure about.  Can anyone please clarify?

Question by:jasoncpp

Accepted Solution

wesly_chen earned 2000 total points
ID: 13852717
> I have owner - rwx, group x and other x, is this correct - 711?
For a file, you need it to be readable, too (r-x).
So it should be
chmod 755 <filename>   (-rwxr-xr-x)
Otherwise, others cannot execute it.

However, if the php is called by the user "apache" or "httpd", then you can just add "apache" into the same group
of that php script file, then you can set the permission
chmod 750 <filename>

As for the directory for php script, you can do
chmod 711 <dir name>
So group or other can execute/read the script under that directory but cannot list what files are in that directory.

Expert Comment

ID: 13852731
chmod 444 <filename>    is for a text/html page, not for a php or cgi script file.
As the owner of the file, you can do chmod anytime to make it writeable to yourself.
But 444 gives you more protection since hackers can fake themselves to your UID and
overwrite your webpage through ftp or php if that page is writeable for owner.
But they cannot do "chmod" since they didn't log in. (Well, advanced hackers can
penetrate the system...). So 444 is protecting you from the ftp and php/cgi.
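
An added example, not part of the original thread: it applies each mode mentioned above (711, 755, 750, 444) to a constructed placeholder file and reports which permission bits leave a credential-bearing script readable by group or other, or writable by its owner. The function names `mode_of`, `has_bit` and `exposure` and the file name `db.php` are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: decode the octal modes discussed in this thread.
# All names and the sample file are hypothetical; no real credentials are used.

# Print the permission bits of a path in octal, e.g. 750 (GNU stat, BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if CLASS (u, g or o) holds BIT (r, w or x) on PATH.
has_bit() {   # usage: has_bit PATH CLASS BIT
    case "$2" in u) hb_shift=6 ;; g) hb_shift=3 ;; o) hb_shift=0 ;; *) return 2 ;; esac
    case "$3" in r) hb_mask=4 ;; w) hb_mask=2 ;; x) hb_mask=1 ;; *) return 2 ;; esac
    # A leading 0 makes the shell parse the mode as octal.
    [ $(( (0$(mode_of "$1") >> hb_shift) & hb_mask )) -ne 0 ]
}

# List the exposures that matter for a script holding a database password:
# read access beyond the owner, and write access for the owner's UID.
exposure() {
    ex_out=""
    has_bit "$1" o r && ex_out="$ex_out other-readable"
    has_bit "$1" g r && ex_out="$ex_out group-readable"
    has_bit "$1" u w && ex_out="$ex_out owner-writable"
    ex_out=${ex_out# }
    echo "${ex_out:-none}"
}

demo() {
    d=$(mktemp -d)
    f="$d/db.php"                                   # constructed sample file
    printf '<?php /* placeholder only */\n' > "$f"
    for m in 711 755 750 444; do
        chmod "$m" "$f"                             # explicit octal ignores umask
        printf '%s  %s\n' "$m" "$(exposure "$f")"
    done
    chmod 711 "$d"                                  # directory mode from the accepted answer
    if has_bit "$d" o x && ! has_bit "$d" o r; then
        echo "711 dir: other may traverse but not list"
    fi
    rm -rf "$d"
}
demo
```

The report covers mode bits only; which class the web server process falls into depends on the user and group it runs as on the host.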

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question