Can the owner of a file/folder be given just read access?
Posted on 2014-01-11
Is it possible for the the owner of a file/folder to merely have read and execute permissions in Linux? And then have another user with full read/write/execute who is not the owner?
The reason being is that not long ago, we were hacked due to php vulnerabilities and someone used sql injection that took over the site. The loopholes in php have been patched. However, we believe the reason the person was able to do this was because the owner of the file/group for those directories had full write permissions, so when the php code executed it acted as 'the owner'. This way, if something like this was attempted again, the php script would attempt to execute as the owner and realise it doesn't have permissions and fail. I'm assuming?