: What should the Unix file system permissions be for PHP files under Apache? What is the best practice for permissions with PHP files? When should they be writable, or executable? What owner
What is the best practice for permissions with PHP files? When should they be writable, or executable? What owner is best?
I'm using an Apache server.
More posts by @Candy875
6 Comments
Sorted by latest first Latest Oldest Best
PHP in itself is a scripting language. I'm gonna assume you (op) want to know about best file permissions in web folders.
It really depends on what you're trying to achieve with the server you're with as well as what remote users should have access to, etc.
If you're only using the server solely for the purposes of publishing web pages via PHP scripts, then the file permissions 755 would work well (not 655), that way the owner of the PHP file has full control of it while the rest of the world (including the group the user is in) will only be able to read the file and execute it.
For improved security, then use file permissions 711 so that the world would at best only be able to execute the file. Also, consider adding functionality to the apache server that causes it to switch the user on every request for even greater security. By this, I mean add mod_ruid2 module, or suPHP module, etc.
Commonly used permissions for Cpanel are:
Folder permissions: 755
General File permission: 644
Configuration file permissions: 444
0655 is the best permission level. There's really no reason for changing your files above this. Of course there may be a folder here or there that requires some write permissions, but for everything else 0655 will work.
As a tip, make sure that all of your files are owned by apache. This can easily get changed if you ftp'd your files onto the server. So make sure you set them to apache for production sites. This will eliminate a lot of permission issues when running such a tight ship.
PHP scripts should be editable by the owner, readable by a group the apache user is in, and optionally readable by anyone. They don't need to be executable. Ideally, most of the php scripts should be outside of a web-accessible folder, especially any configuration files. This way even if there is a problem with the apache configuration, your php files will never be exposed to the web. Often you'll just have an index.php page which calls require_once() on a script in the protected directory outside the web-accessible folder. A .htaccess file rewrites all incoming requests so that they go through the index.php, which then uses the router in the protected directory to figure out what to serve.
You may be confusing the roles of PHP and the file system. PHP does not have read, write, or executable permissions. Those are handled by the underlying filesystem (ext4, NTFS, etc).
You can use PHP functions such as is_writable() and is_readable() to determine the permissions of a given file, and chmod() to change them.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.