Results 1 to 4 of 4

Thread: File Permissions on Web Server for PHP commands

  1. #1
    Join Date
    May 2008

    File Permissions on Web Server for PHP commands (Group permissions)

    I am building my own website and using my own ubuntu apache2 server.

    I was writing a script(PHP) that opens a text file containing a password (encrypted).

    My problem is a don't know how to set permissions on this file to allow my PHP command to open it and not EVERYONE visiting my site.
    I tried chmod and chown but my original thought of php commands running as root, i now see were wrong.

    I would like to access this file as a PHP command, and my Local User.

    Another question kinda relating to this is I would like to learn more about "Group" permission setting and how to put a user in a group and then give that group access to the "Group" permission on a file/folder. (Just a link to a tutorial or documentation on group file permissions would be great, I tried googling but didn't seem to find anything useful)


    Okay I kinda fixed the first problem. All PHP commands are run under the www-data user so I just chown www-data mydirectory/file and the php runs fine now.
    BUT, now my local user that I connect via FTP with cannot access it.
    I would still really like to learn more about groups and users. If anyone has a good link please share, or a good quick explanation would be greatly appreciated.
    Last edited by JameoPotato; June 12th, 2008 at 01:09 AM.

  2. #2
    Join Date
    May 2008

    Re: File Permissions on Web Server for PHP commands (Group permissions)

    You said you fixed the first problem. Based on your explanation, you didn't. Any user going to the site will still be able to view the file as long as it is in /var/www. See this thread:

    As far as the second problem... You can set your sites up like this:

    /somedir/molotov/www/ < put website files in here
    /somedir/molotov < give ftp access
    /somedir/molotov < put password file in here

    chown /somedir/molotov to molotov
    give read to www-data to /somedir/molotov

    That way, people can't get to the password file by going to because that will be /somedir/molotov/www that they are looking at. A PHP script can still traverse upwards and grab the file.

  3. #3
    Join Date
    Jun 2006
    Kubuntu Jaunty Jackalope (testing)

    Re: File Permissions on Web Server for PHP commands (Group permissions)

    default folder for webpages in apache is /var/www

    If you don't use suPHP then the .php files should be owned by Apache and they must be executable and readable by apache.

  4. #4
    Join Date
    Mar 2007
    Denver, CO
    Ubuntu Mate 16.04 Xenial Xerus

    Re: File Permissions on Web Server for PHP commands


    Good advice -- very concise. Wish every piece of documentation was this way!


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts