
I have 770 permission set on all of my server files and the apache user (www-data) has been added to the group owner for each of the files. Apache works just fine but I have to have at least 774 permissions for the php scripts to work. Does php run under a different user?

Craig Lafferty
  • It depends on your system config. Find out: [How to check what user php is running as?](http://stackoverflow.com/q/7771586) – Pekka Jan 07 '14 at 00:26
  • From my research I gathered that php scripts were run from apache directly which is why I was confused. – Craig Lafferty Jan 07 '14 at 00:28
  • How did you arrive at 770 as a good permission level to use? – Mike Brant Jan 07 '14 at 00:30
  • Is it relevant? This is just a private server for testing and developing and I have a few sites on it. I am using ftp to allow different users to access their own directories so I used groups to facilitate the whole thing and as far as I'm concerned if I haven't added a user to a group then they have no business seeing my or other people's files. Hence the 0 for others. – Craig Lafferty Jan 07 '14 at 00:34
  • It's very relevant, especially since you've jeopardized your security in an effort to establish security. Are users prevented from creating php files and accessing them in an apache server? – skrilled Jan 07 '14 at 00:36
  • @Pekka웃 I checked the user and it is running as www-data which has full permissions as it is in the group that "owns" the files. I still have to grant at least read privileges to "others" for the scripts to execute. – Craig Lafferty Jan 07 '14 at 00:37
  • If I'm a user and I make a script named lol.php, are you saying there's no ability for it to ever be loaded via apache unless you specifically go out of your way to enable that permission set? – skrilled Jan 07 '14 at 00:38
  • Exactly. These aren't web developers. I have content management systems in place so they can add photos/etc., not run scripts. – Craig Lafferty Jan 07 '14 at 00:40
  • Oh okay, I think that was the misunderstanding that most of us would assume happens all the time here. At least you know what you're doing. I simply haven't answered your question because from a permissions standpoint apache should be able to read and execute code as long as the file is readable. You technically wouldn't even need rwx on that user or group. – skrilled Jan 07 '14 at 00:41
  • In fact not only should it work... I've already replicated what you were trying to do on a box with 0040 as the permissions, root as the owner, and apache as the group with no issues :/ – skrilled Jan 07 '14 at 00:42
  • I just don't get it. I've had this problem before as well and I could make it work by changing the permissions but it has just been bugging me not knowing. – Craig Lafferty Jan 07 '14 at 00:46
  • You're positive apache is running as www-data? In older versions it would run as apache. If you changed this, did you restart apache? There's just no reason a file should have to be world readable if the group is correct. – skrilled Jan 07 '14 at 00:49
  • I'm positive. I think I must just be experiencing a bug. – Craig Lafferty Jan 07 '14 at 00:53
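
An added diagnostic, not code from anyone in the thread: it walks every path component from `/` down to a script and reports which permission class (owner, group or other) applies to a given uid and group set, and whether the needed bit is set there. The function names are hypothetical, and it assumes plain Unix mode bits only (no root override, ACLs, SELinux or AppArmor).

```python
import os
import stat

# (read bit, search/execute bit) for each permission class
CLASS_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IXOTH),
}


def permission_class(st, uid, gids):
    """Pick the one class that applies; the classes never fall through."""
    if st.st_uid == uid:
        return "owner"
    if st.st_gid in gids:
        return "group"
    return "other"


def explain_read_access(path, uid, gids):
    """Check every component from / down to path for the given identity.

    Directories need the search (x) bit, the final file needs the read bit.
    Returns a list of (component, class, octal mode, ok) tuples.
    """
    path = os.path.realpath(path)
    components = [path]
    while os.path.dirname(components[-1]) != components[-1]:
        components.append(os.path.dirname(components[-1]))
    report = []
    for comp in reversed(components):
        st = os.stat(comp)
        cls = permission_class(st, uid, gids)
        read_bit, search_bit = CLASS_BITS[cls]
        needed = read_bit if comp == path else search_bit
        mode = stat.S_IMODE(st.st_mode)
        report.append((comp, cls, oct(mode), bool(mode & needed)))
    return report


def first_denial(report):
    """Return the first component that blocks access, or None."""
    return next((row for row in report if not row[3]), None)


if __name__ == "__main__":
    # Assumption: pass the uid/gids of the *running* server process (on Linux,
    # the Uid and Groups lines of /proc/<pid>/status), not the account database.
    me = set(os.getgroups()) | {os.getegid()}
    for row in explain_read_access(__file__, os.getuid(), me):
        print(row)
```

A row whose class is `other` for a process expected to match through its group means the running process does not hold that group, or a parent directory has a different group than the file.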

0 Answers