What file permissions to use to get our PHP scripts communicating?

Forum Moderators: mack

Message Too Old, No Replies

What file permissions to use to get our PHP scripts communicating?

PHP scripts and file permissions.

QLifeTilt

9:47 pm on Nov 30, 2008 (gmt 0)

We have files on our server that we'd like to be able to update via a PHP script. I've heard the horror stories of using 777 permissions, but I don't see any other way around it.

We've tried the secure way, using 755 directories and 644 files, but our scripts can't edit these files, unfortunately.

Would it be safe to update files with 777 permission within a 755 directory owned by eproxim? Or what about 766 files, would that be safe?

Another issue we're running into is that we must keep the ability to use a regular FTP client if we need to. Depending on the permissions, sometimes using a regular FTP client won't let us edit these files.

Thanks SO much in advance for any help you guys can give me :P

QLifeTilt

3:12 am on Dec 1, 2008 (gmt 0)

One of our programmers just informed me that the script will work with 766 or 666 files in a 755 directory. Is this secure?

QLifeTilt

7:48 pm on Dec 1, 2008 (gmt 0)

anyone? I'm lost :/

coopster

8:42 pm on Dec 1, 2008 (gmt 0)

I seen the similar thread over in the *nix forum: 755 Security Holes? [webmasterworld.com]

It comes down to the permissions. The web server will run as a certain user and access to read/write/execute files from the browser will pertain to that user. Once you have the user(s) figured out, grant the permissions as necessary and you should be good to go.

There was a discussion once in the PHP forums regarding permissions for directories that needed write access, like file uploads for example. Here it is:
[webmasterworld.com...]

There is some good reading in there as well.