PHP Permissions

3 posts / 0 new
Last post
#1 Tue, 08/01/2006 - 06:31
ChrisEyre

PHP Permissions

Really pleased with Virtualmin - fantastic bit of software!!!

I have been migrating my sites over to my new server and spotted something odd. I have some sites where I upload files using PHP to a folder in the site. Previously I have had to change the permissions to chmod 757 to accommodate the upload, but 757 now throws up permissions problem on the new server. Changing the chmod to 777 solves the problem.

Is this SUExec at work, in which case why is it the Group permissions that make a difference? Do I need to chown the upload folder to anything different? Any help on this matter will, as always, be most appreciated.

Tue, 08/01/2006 - 12:41
Joe
Joe's picture

Hey Chris,

SuExec is not yet working on PHP scripts, unless you have checked the "Run PHP as user" option (which runs it as a slower CGI mode program).

However, I strongly recommend against 777 permissions. That last 7 means that anyone on your server that can reach your files through the directory tree can modify them, meaning they can execute any arbitray command as the web server user or as the user who owns the file (depending on whether it's running via CGI or mod_php). SuExec will refuse to run anything that is world or group writable.

So, to answer your question, this is not suexec at work, as suexec would simply refuse to run anything that is group or world writable (and yours is wide open).

I've just about got fcgid squared away, so even PHP will soon run with SuExec...in the meantime you could switch over to running PHP scripts as CGI, which will make it run as the user under SuExec. You can then tighten the permissions down to 750, or even tighter for particularly sensitive stuff (like data files).

--

Check out the forum guidelines!

Mon, 08/07/2006 - 08:28
BossHog

Hi Joe
new virtualmin user here. Great project, thanks to all the devs!

Joe, I am in the testing phases, using the VM-GPL version.
I have looked closely at my options in Apache, PHP, CGI and not having any luck finding the "Run PHP as User.."

Is this an option that may be missing in the GPL version?
Or can we add a directive to achieve the same effect?
Thanks for any suggestions.