Re: [PHP] File Permissions?
- Date: Wed, 16 Aug 2017 19:37:00 +0200
- From: Narcis Garcia <informatica@xxxxxxxxx>
- Subject: Re: [PHP] File Permissions?
Unix permissions assignments: owner, group, others
755 = owner:7, group:5, others:5
In octal, 7 is full permission for anything (file/directory): read +
write + execute.
An example: If some file (e.g. index.php) is assigned to
webservice:users (owner user "webservice", group "users") and has 755
permissions, it means that any action called from a process running as
"webservice" account can do anything over that file, members of group
"users" can only read & execute, and others can also read & execute.
For the same case in a directory (permissions 755), concrete consequence
is that the owner ("webservice") can CREATE files in it and give them
the desired permissions.
How can a web visitor make use of "webservice" account?
If your HTTP server software runs as "webservice", then any .php script
runs with same account permissions. If you have a .php script that
allows visitor to upload or create other PHP files, you have the door
open to a bad guy creates his own pages/scripts with server's filesystem
access (only restricted by open_basedir directive).
El 16/08/17 a les 18:43, Tedd Sperling ha escrit:
>> On Aug 16, 2017, at 12:10 PM, Adam Jon Richardson <adamjonr@xxxxxxxxx> wrote:
>> 755 is typical for directories, but 644 for files.
> If you set a file to 755, then how does bad guy do bad things with it?
> Certainly, with 755 the owner can do anything he wants (read, write, execute), but the “group” and “everyone else” can only read and execute (5) the file — there is no “write” to the file. Without a “write”, then how can a bad guy change/upload a file?
> There is something here I am not understanding. Please explain.
> tedd sperling
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php