Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

care to settle a chmod argument

Posted on 2006-06-16
6
Medium Priority
?
422 Views
Last Modified: 2010-04-22
It sounds like the setup for a joke, but it's true...

2 php developers are having an argument (me and another guy).  Actually, not an argument, we don't know the answer and no one we know knows the answer.  So we turn to you, oh great and mighty experts...

In Unix/Linux...when speaking of files, not directories...the X permission allows us to execute files on the server itself.  Shell scripts, the like.  Question: does this also apply to PHP files executed (or interpreted) by Apache/PHP?  In other words, do PHP files need to have X permissions set in order to be viewable over the web by the public or can they be simple r/w?  ??5 or ??6  is another way to ask that.  

we've been tossing it back and forth all morning and I think we won't be able to rest until we know.  Also, luckily, none of us have root access right now to anything where we can test it or else we'd just figure it out oursevles!  If you can believe it...

thanks in advance!

-bakum
0
Comment
Question by:bakum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 8

Expert Comment

by:Autogard
ID: 16923626
Read access for "other" is sufficient.

e.g. Files owned by a non apache user...

-r--------, apache doesn't serve it
----r-----, apache doesn't serve it
-------r--, apache serves it
0
 
LVL 8

Expert Comment

by:Autogard
ID: 16923663
In fact:

(files owned by root user and group)

---------x, apache doesn't serve it
-rwxrwx-wx, apache doesn't serve it

So looks like apache user must have at least read access on the file.

Something else interesting I saw is that if it is a .php file it won't give you the "Access forbidden!" error, the page will just be blank.  If it is a .html file it will give you the "Access forbidden!" error "You don't have permission to access the requested object. It is either read-protected or not readable by the server."
0
 
LVL 8

Accepted Solution

by:
Autogard earned 1000 total points
ID: 16923698
.....and

I created a directory in my doc root and put an "index.php" file inside of it and accessed it like "http://www.mydomain.com/mydir".
Every user on the system has read access to the index.php file in the directory..
...but this is what happened with various permissions of the directory...

d--------x, apache served it
d------r--, apache did not serve it (and it gave the access forbidden error)

So it looks like directories need to have "x" permissions for the apache user, even if it has "r" permissions on the actual file in the directory.

If I try to access the file directly (http://www.mydomain.com/mydir/index.php"):

Forbidden
You don't have permission to access /mydir/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

....more info than you wanted, huh?  Sorry, got carried away!  :)
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 16926029
> .. does this also apply to PHP files executed (or interpreted) by Apache/PHP?
no, only if PHP is configured as CGI (which is unusual) *and* that CGI relies on the x-bit

> .. do PHP files need to have X permissions ..
no if PHP is run as mod_php in Apache

> .. or can they be simple r/w?  ??5 or ??6  is another way to ask that.  
they should be 440 or better 400 (sometimes they should be 040, but most admions don't know how to configure that securely)
for testing start with 444, then if it works, try to limit down to 440 and finally 400
0
 

Author Comment

by:bakum
ID: 16928593
Very good.  Full points for the first full answer to my inquiry.  Excellent.  
0
 
LVL 8

Expert Comment

by:Autogard
ID: 16929926
Thanks!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question