index.php permissions

Forum Moderators: coopster

Message Too Old, No Replies

index.php permissions

Tabi

10:33 am on Aug 1, 2010 (gmt 0)

On my site (hosted on a shared host) there is index.php file which has permissions set to 600. As far as I understand, it means that only the owner of the file can read and write the file. ls -l shows that I am the owner of the file and I belong to "users" group.

The question is: how come that it is possible to navigate to this site from a web browser ? I know that the apache process is run under "www" username and that this username belongs to "users" group.

Maybe there is some trick in it.. but if the index.php file has no read nor execute permission for group and for others, then how can "www" user read it?

I am sure that Apache reads this file and not some other file, because for test purposes I renamed index.php to other name and then the site was unreachable.

enigma1

1:03 pm on Aug 2, 2010 (gmt 0)

It depends who runs the file with 600. In other words is the server configuration and/or the host should be able to tell you about it. With what account level you execute the ls command?

For example the PHP could run with a different owner name than the name you use for ftp (or nobody). So seeing a file with 600 attrs using an ftp account doesn't necessarily mean the server has 600 access.

If you only have access to the application and its php try the posix_* and fileowner/filegroup functions and see what they say for a file in question.