Security of web files chmod

Posted on 2005-04-23
Last Modified: 2013-12-04
I am using a web host that supports PHP and MySQL. In one of the files is a PHP script that accesses my database; the password is embedded in the script. Using CHMOD, what are the correct file permissions to have for this file? I have owner - rwx, group x and other x, is this correct - 711? I do not want the server side code to be read by anyone, so the web host company suggested 444, which I am unsure about. Can anyone please clarify?

Question by:jasoncpp

    Accepted Solution

    > I have owner - rwx, group x and other x, is this correct - 711?
    For a file, you need it to be readable, too (r-x).
    So it should be
    chmod 755 <filename>   (-rwxr-xr-x)
    Otherwise, other cannot execute it.

    However, if the PHP is called by the user "apache" or "httpd", then you can just add "apache" into the same group
    as that PHP script file, then you can set the permission
    chmod 750 <filename>

    As for the directory for the PHP script, you can do
    chmod 711 <dir name>
    So group or other can execute/read the script under that directory but cannot list what files are in that directory.

    Expert Comment

    chmod 444 <file name>    is for the text/html page, not for a PHP or CGI script file.
    As the owner of the file, you can do chmod anytime to make it writeable to yourself.
    But 444 gives you more protection since hackers can fake themselves to your UID and
    overwrite your webpage through FTP or PHP if that page is writeable for owner.
    But they cannot do "chmod" since they didn't log in. (Well, advanced hackers can
    penetrate the system...). So 444 is protecting you from the FTP and PHP/CGI.
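
An added example, not part of the thread: a POSIX shell audit that reads the mode bits discussed above (755, 750 and 444 on the file, 711 on the directory) and reports which combinations leave a password-bearing script readable by "other", writable by a non-owner, or sitting in a listable directory. The function names, the finding labels and the `db.php` sample file are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the mode bits of a script that
# embeds a database password, and of the directory holding it.

# Print the 10-character mode string of a path, e.g. "-rwxr-x---".
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Print one finding per line for FILE; print nothing when no check fires.
# Mode string columns: 1 type, 2-4 owner, 5-7 group, 8-10 other.
audit_script() {
    fp=$(perm_string "$1")
    dp=$(perm_string "$(dirname "$1")")
    # "other" read bit on the file: any local account that can reach the
    # file can read the embedded password.
    [ "$(printf '%s\n' "$fp" | cut -c8)" = r ] && echo "WORLD_READABLE_FILE $fp"
    # Group or other write bit: a non-owner can replace the code.
    case "$(printf '%s\n' "$fp" | cut -c6,9)" in
        *w*) echo "NON_OWNER_WRITABLE_FILE $fp" ;;
    esac
    # Group or other read bit on the directory: its file names can be listed.
    case "$(printf '%s\n' "$dp" | cut -c5,8)" in
        *r*) echo "LISTABLE_DIR $dp" ;;
    esac
    return 0
}

# Apply the mode pairs discussed in the thread to a constructed sample tree.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/scripts"
    printf '<?php $db_pass = "constructed-sample"; ?>\n' > "$tmp/scripts/db.php"
    for modes in "755 755" "750 711" "444 711"; do
        set -- $modes
        chmod "$1" "$tmp/scripts/db.php"
        chmod "$2" "$tmp/scripts"
        echo "file $1, dir $2:"
        audit_script "$tmp/scripts/db.php" | sed 's/^/  /'
    done
    rm -rf "$tmp"
}
demo
```

Only the 750 file in a 711 directory produces no findings; that combination depends on the web server account being a member of the file's group, as the accepted solution describes.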
