I need to know what is the most secure and reliable way to put
permissions
on a .php file. I usually put it as rw-r-r, is this good or is there a better way of arranging the permissions?
Depends on your environment. I usually have mine set up as rw-rw---- (directories as rwxrwx---) with the owner the same as what my webserver
runs as (apache), and group writable so that multiple people can edit
them. Even if you're the only one who is going to edit the files, and
you're the owner of the files and you're set up rw-r--r--, you may run
into problems if php/Apache needs to write to the file (unless Apache is
running as you).
Well, I want to have the most security for my .php file because it stores passwords. Besides if there is no permissions set for the 'world' how can someone's browser use the .php file? shouldn't it atleast have a read or execute (I'm not sure, please comment on this) persmission?
No, it's the webserver which is serving up the file; the client doesn't come into play for permissions. Technically, the file only needs to be r-------- with the owner of the file as same as the what the web server is running as. However, you won't be able to write to it (unless you're root). My suggestion would be, if you're going to be the only one editing the file....
1) Make the owner of the file you
2) Make the group of the file the same as your webserver
3) Set the permissions to 640 (rw-r-----)
4) Place it in a directory outside of the webserver's document root
5) Make yourself the owner of the directory, and group the same as the webserver.
6) Set permissions on the directory as 750 (rwxr-x---)
-- By-Tor.com It's all about the Rush http://www.by-tor.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
