Closed Thread Icon

Preserved Topic: 0777 Pages that link to <a href="https://ozoneasylum.com/backlink?for=11983" title="Pages that link to Preserved Topic: 0777" rel="nofollow" >Preserved Topic: 0777\

 
Author Thread
lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted posted 01-08-2002 14:07

Hey,

what do I have to create a folder with mode 0777 in order to be able to create files in it using PHP ?

why 0774 is not enough? PHP being run as what user?

do i have security threats if I set to 0777 ?

thank you.

butcher
Paranoid (IV) Inmate

From: New Jersey, USA
Insane since: Oct 2000

posted posted 01-08-2002 14:49

I was wondering the same thing, I had to CHMOD my files to 666 to be able to write to them.

I'm thinking along the same lines as lallous, there's got to be some type of security problem with a permission set like this, and a way around it... Just not sure what it is.

-Butcher-

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 01-08-2002 16:26

the last of the three digits (yes, three!!!) stands for everyone! when you are surfing the web you are considered as everyone/anyone, so you must have the right 6 to create files in that directory.

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 01-08-2002 17:29

When PHP is running as Apache module, it behaves the same as Apache. By default and for security reasons Apache is always running as "neutral" user like "nobody". PHP will run as this user also. And that's why you must allow r&w access to everyone (the last bit). But, don't be confused with "everyone" term, it's related to everyone who was file system access to your web server (not remote access through web browser). This should only be an issue on shared hosting. If you have dedicated server you don't have to worry very much.

On the other hand, when PHP is running as CGI module, it can be wrapped to run as the same user that you use to access your web server. But, most web hosting providers don't run PHP as CGI module because it's much slower.


« BackwardsOnwards »

Show Forum Drop Down Menu