Solved

care to settle a chmod argument

Posted on 2006-06-16
6
417 Views
Last Modified: 2010-04-22
It sounds like the setup for a joke, but it's true...

2 php developers are having an argument (me and another guy).  Actually, not an argument, we don't know the answer and no one we know knows the answer.  So we turn to you, oh great and mighty experts...

In Unix/Linux...when speaking of files, not directories...the X permission allows us to execute files on the server itself.  Shell scripts, the like.  Question: does this also apply to PHP files executed (or interpreted) by Apache/PHP?  In other words, do PHP files need to have X permissions set in order to be viewable over the web by the public or can they be simple r/w?  ??5 or ??6  is another way to ask that.  

we've been tossing it back and forth all morning and I think we won't be able to rest until we know.  Also, luckily, none of us have root access right now to anything where we can test it or else we'd just figure it out oursevles!  If you can believe it...

thanks in advance!

-bakum
0
Comment
Question by:bakum
  • 4
6 Comments
 
LVL 8

Expert Comment

by:Autogard
ID: 16923626
Read access for "other" is sufficient.

e.g. Files owned by a non apache user...

-r--------, apache doesn't serve it
----r-----, apache doesn't serve it
-------r--, apache serves it
0
 
LVL 8

Expert Comment

by:Autogard
ID: 16923663
In fact:

(files owned by root user and group)

---------x, apache doesn't serve it
-rwxrwx-wx, apache doesn't serve it

So looks like apache user must have at least read access on the file.

Something else interesting I saw is that if it is a .php file it won't give you the "Access forbidden!" error, the page will just be blank.  If it is a .html file it will give you the "Access forbidden!" error "You don't have permission to access the requested object. It is either read-protected or not readable by the server."
0
 
LVL 8

Accepted Solution

by:
Autogard earned 250 total points
ID: 16923698
.....and

I created a directory in my doc root and put an "index.php" file inside of it and accessed it like "http://www.mydomain.com/mydir".
Every user on the system has read access to the index.php file in the directory..
...but this is what happened with various permissions of the directory...

d--------x, apache served it
d------r--, apache did not serve it (and it gave the access forbidden error)

So it looks like directories need to have "x" permissions for the apache user, even if it has "r" permissions on the actual file in the directory.

If I try to access the file directly (http://www.mydomain.com/mydir/index.php"):

Forbidden
You don't have permission to access /mydir/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

....more info than you wanted, huh?  Sorry, got carried away!  :)
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 16926029
> .. does this also apply to PHP files executed (or interpreted) by Apache/PHP?
no, only if PHP is configured as CGI (which is unusual) *and* that CGI relies on the x-bit

> .. do PHP files need to have X permissions ..
no if PHP is run as mod_php in Apache

> .. or can they be simple r/w?  ??5 or ??6  is another way to ask that.  
they should be 440 or better 400 (sometimes they should be 040, but most admions don't know how to configure that securely)
for testing start with 444, then if it works, try to limit down to 440 and finally 400
0
 

Author Comment

by:bakum
ID: 16928593
Very good.  Full points for the first full answer to my inquiry.  Excellent.  
0
 
LVL 8

Expert Comment

by:Autogard
ID: 16929926
Thanks!
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question