
Re: [PHP] File Permissions?




Unix permissions assignments: owner, group, others
755 = owner:7, group:5, others:5

In octal, 7 is full permission for anything (file/directory): read +
write + execute.

An example: if some file (e.g. index.php) is assigned to
webservice:users (owner user "webservice", group "users") and has 755
permissions, it means that any action called from a process running as
the "webservice" account can do anything to that file, members of group
"users" can only read & execute, and others can also read & execute.

For the same case in a directory (permissions 755), the concrete
consequence is that the owner ("webservice") can CREATE files in it and
give them the desired permissions.

How can a web visitor make use of the "webservice" account?
If your HTTP server software runs as "webservice", then any .php script
runs with the same account permissions. If you have a .php script that
allows a visitor to upload or create other PHP files, you have the door
open for a bad guy to create his own pages/scripts with access to the
server's filesystem (only restricted by the open_basedir directive).


On 16/08/17 at 18:43, Tedd Sperling wrote:
> 
>> On Aug 16, 2017, at 12:10 PM, Adam Jon Richardson <adamjonr@xxxxxxxxx> wrote:
>>
>> 755 is typical for directories, but 644 for files.
>>
>> -snip-
>>
>> Adam
> 
> Adam:
> 
> If you set a file to 755, then how does a bad guy do bad things with it?
> 
> Certainly, with 755 the owner can do anything he wants (read, write, execute), but the “group” and “everyone else” can only read and execute (5) the file — there is no “write” to the file. Without a “write”, then how can a bad guy change/upload a file?
> 
> There is something here I am not understanding. Please explain.
> 
> Cheers,
> 
> tedd
> 
> _______________
> tedd sperling
> tedd@xxxxxxxxxxxx

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
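
The permission check described in the message above, as an added example that is not part of the original post: it picks the owner, group or others triplet the way the classic Unix check does, and lists what a given account could modify under a directory tree. The uid 1001 for "webservice" and gid 100 for "users" are constructed values, and root and ACLs are ignored.

```python
import os
import stat

def access_bits(mode, file_uid, file_gid, proc_uid, proc_gids):
    """rwx bits (0-7) that apply to a process: owner class first, then
    group, then others. Exactly one class is used. root/ACLs ignored."""
    perms = stat.S_IMODE(mode)
    if proc_uid == file_uid:
        return (perms >> 6) & 7
    if file_gid in proc_gids:
        return (perms >> 3) & 7
    return perms & 7

def describe(bits):
    """Render 0-7 as an ls-style triplet, e.g. 5 -> 'r-x'."""
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def writable_by(root, proc_uid, proc_gids):
    """Paths under root the process could modify. A writable directory
    means new files can be created inside it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not used for access checks
            if access_bits(st.st_mode, st.st_uid, st.st_gid, proc_uid, proc_gids) & 2:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    WEBSERVICE_UID, USERS_GID = 1001, 100  # constructed ids for the example
    callers = {
        "webservice (owner)": (1001, {100}),
        "member of users": (1002, {100}),
        "anyone else": (1003, {500}),
    }
    for mode in (0o755, 0o644):
        for who, (uid, gids) in callers.items():
            bits = access_bits(mode, WEBSERVICE_UID, USERS_GID, uid, gids)
            print(f"{mode:o} {who:20} {describe(bits)}")
    # Audit a real tree for the account the HTTP server runs as, e.g.:
    # print(writable_by("/path/to/docroot", WEBSERVICE_UID, {USERS_GID}))
```

Run against a document root with the uid and gids of the HTTP server account, an empty result from `writable_by` means a script running as that account cannot create or change files there.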