Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

care to settle a chmod argument

Posted on 2006-06-16
6
Medium Priority
?
423 Views
Last Modified: 2010-04-22
It sounds like the setup for a joke, but it's true...

2 php developers are having an argument (me and another guy).  Actually, not an argument, we don't know the answer and no one we know knows the answer.  So we turn to you, oh great and mighty experts...

In Unix/Linux...when speaking of files, not directories...the X permission allows us to execute files on the server itself.  Shell scripts, the like.  Question: does this also apply to PHP files executed (or interpreted) by Apache/PHP?  In other words, do PHP files need to have X permissions set in order to be viewable over the web by the public or can they be simple r/w?  ??5 or ??6  is another way to ask that.  

we've been tossing it back and forth all morning and I think we won't be able to rest until we know.  Also, luckily, none of us have root access right now to anything where we can test it or else we'd just figure it out oursevles!  If you can believe it...

thanks in advance!

-bakum
0
Comment
Question by:bakum
  • 4
6 Comments
 
LVL 8

Expert Comment

by:Autogard
ID: 16923626
Read access for "other" is sufficient.

e.g. Files owned by a non apache user...

-r--------, apache doesn't serve it
----r-----, apache doesn't serve it
-------r--, apache serves it
0
 
LVL 8

Expert Comment

by:Autogard
ID: 16923663
In fact:

(files owned by root user and group)

---------x, apache doesn't serve it
-rwxrwx-wx, apache doesn't serve it

So looks like apache user must have at least read access on the file.

Something else interesting I saw is that if it is a .php file it won't give you the "Access forbidden!" error, the page will just be blank.  If it is a .html file it will give you the "Access forbidden!" error "You don't have permission to access the requested object. It is either read-protected or not readable by the server."
0
 
LVL 8

Accepted Solution

by:
Autogard earned 1000 total points
ID: 16923698
.....and

I created a directory in my doc root and put an "index.php" file inside of it and accessed it like "http://www.mydomain.com/mydir".
Every user on the system has read access to the index.php file in the directory..
...but this is what happened with various permissions of the directory...

d--------x, apache served it
d------r--, apache did not serve it (and it gave the access forbidden error)

So it looks like directories need to have "x" permissions for the apache user, even if it has "r" permissions on the actual file in the directory.

If I try to access the file directly (http://www.mydomain.com/mydir/index.php"):

Forbidden
You don't have permission to access /mydir/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

....more info than you wanted, huh?  Sorry, got carried away!  :)
0
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

 
LVL 51

Expert Comment

by:ahoffmann
ID: 16926029
> .. does this also apply to PHP files executed (or interpreted) by Apache/PHP?
no, only if PHP is configured as CGI (which is unusual) *and* that CGI relies on the x-bit

> .. do PHP files need to have X permissions ..
no if PHP is run as mod_php in Apache

> .. or can they be simple r/w?  ??5 or ??6  is another way to ask that.  
they should be 440 or better 400 (sometimes they should be 040, but most admions don't know how to configure that securely)
for testing start with 444, then if it works, try to limit down to 440 and finally 400
0
 

Author Comment

by:bakum
ID: 16928593
Very good.  Full points for the first full answer to my inquiry.  Excellent.  
0
 
LVL 8

Expert Comment

by:Autogard
ID: 16929926
Thanks!
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question