I have a PHP Script running on Linux that requires 777 Permission to write into folders but this permission is such a risky one is there a way out to avoid that permission instead of the ability to write?
Thanks
Asked
Active
Viewed 1,074 times
0
-
1Yes, set the correct owner and group for the directory. Then you can set the permission only for the user or group – Dan Feb 28 '18 at 22:40
-
1Use `chown`. Depends of your configuration, if Apache: `chown www-data:www-data folder`. – Syscall Feb 28 '18 at 22:40
-
@dan08 the home directory owned by the account user and the group is user nobody from apache... – CatChMeIfUCan Feb 28 '18 at 22:46
-
@Syscall do I have to change the owner of the home directory to nobody or have to change the permission of nobody user? – CatChMeIfUCan Feb 28 '18 at 22:46
-
Do not change the permission of user, change owner of the directory. `nobody` is the user of the caller of PHP? – Syscall Feb 28 '18 at 22:50
-
@Syscall yes it is – CatChMeIfUCan Feb 28 '18 at 22:55
1 Answers
2
Make that directory owned by your php script, likely by chown for www-data:www-data, and then assign 755, so only web user can write to it. Obviously, block directory listing on your web server for that directory.
user2001405
- 36
- 2
-
-
1@CatChMeIfUCan - imagine that php script writes to /var/www/foo, then I would do: sudo chown www-data:www-data /var/www/foo, followed by sudo chmod 755 /var/www/foo, followed by editing /etc/apache2/apache2.conf from here: https://stackoverflow.com/a/31445273/2001405 – user2001405 Mar 01 '18 at 21:11