Proper Permission for Apache and PHP applications
Posted on 2008-06-18
Im in charge of two RHEL 5.x servers with Apache 2.x and PHP 5.1.x
A team of programmers just installed an application to the server and they want to chmod 777 almost all the files and directories their application uses, claiming that without this, the PHP code will not run properly.
Most of the application is written in PHP with calls to external utilities like html2ps.
There is a temporary directory where users should upload documents and another temporary directory where html pages are transformed into PDF using html2ps php module.
My questions are (not being a security expert)
1- Is it wrong to chmod .php and .sh scripts with 777 under the webroot directory of Apache?
I guess there is no need to chmod 777 a script, but since I am not a php programmer.....
2- Can I chmod 775 and chown root:root all files under webroot?
3- Is it ok to chmod 777 the two directories for uploads and html2ps conversion only?
4- Why would a php programmer say that he needs 777 to make a .php work?