: Setting file permissions on linux to allow PHP to write to a directory I have a website built with Codeigniter and hosted on a Linux box. I am trying to follow "best practices" when it comes
I have a website built with Codeigniter and hosted on a Linux box.
I am trying to follow "best practices" when it comes to my file permission settings, but I'm not sure if I completely understand the security implications if I set a directory to 777.
I have an images folder which is publicly accessible (it needs to be for website users to see the website images). My Codeigniter code needs to write to a a subdirectory in that folder ('images/data') occasionally.
All of my files are defaulted to 644, and my directories to 755. For the directories that Codeigniter needs to write to, I set the permission to 777.
That seems like it's too loose. Is there some way to restrict my system so that only Codeigniter is granted "write" access to those directories? I've read some stuff online about setting the owner to "apache" but as far as I can tell, I don't have an "apache" owner on my linux box. I just see root and then the website domain owner (the server hosts multiple domains, each has a "user" account).
More posts by @Si4351233
1 Comments
Sorted by latest first Latest Oldest Best
I have now had some feedback from my ISP which pointed me in the right direction, which is the PHP file handler in use on my server.
My server is set up with the DSO handler for PHP 5. That means that files and directories created by my php scripts will be owned by "nobody", and therefore need to be accessible by "Other", so I need to set the permissions to 777 on directories that need to be written to by my php scripts.
The alternative is to set my PHP 5 handler to suPHP. This is a little more secure because it means that my php scripts write as the owner of php code. This means I can leave my directories as 755. There is apparently a bit of a perfomance hit with this. Also, depending on your current permissions setup, it could require pretty extensive changes to the permissions on your existing files and folders. There are also some concerns that if your php scripts have the same permissions as the site owner, you can really do some major damage with a malfunctioning script.
Here is a good summary of the differences between DSO and suPHP: helpdesk.wiredtree.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1663#
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.