Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

permissions on public_html

Status
Not open for further replies.
neonep

neonep

Programmer
Jun 26, 2003
34
hi all,

I have a public_html directory on my account in a server. There are other users on the server too. public_html being chmod'ed to 777 can be accessed by any other users too. I have some php files in the public_html directory, which are chmod'ed to 777 too to be able to execute them from a webpage. Obviously people won't be able to see my php code from the webpage but other users having access to the server might just cd into my public_html directory and view all my files because they are chmod'ed to 777. Is there anyway to prevent others from actually seeing what my code looks like even though they should be able to execute the php through a web browser? The php code basically reads and writes off a database. I tried changing permissions of the php files to 711 and I couldn't view them from the webpage. 755 still lets them read which I don't want happening. Please suggest.
 
Sort by date Sort by votes
If you change the files to be owned by the same user as the apache process you can then chmod them to 700. Otherwise you're kinda stuck.
 
Upvote 0 Downvote
Or 750 and chgrp them to the group that apache's using.
 
Upvote 0 Downvote
I am sorry but I am kind of new to all these permissions stuff. Can you please explain in detail how I would check which group Apache belongs to , how I would change the user and how I would use chgrp. Thanks.
 
Upvote 0 Downvote
Apache's group is specified in the configuration file, usually /etc/httpd/conf/httpd.conf, like this:

User apache
Group apache

These happen to be the defaults. File permissions are specified for owner, then group, then world, with 3 (main) bits each: read=4, write=2, execute=1.

750 gives all (r+w+x) to the owner, read&execute (4+1) to the group, and nothing to the world.

Since it's not your server, you might not be able to read the httpd.conf file and might have to ask the admins.
 
Upvote 0 Downvote
This is how I did it on my system:
Code: 
s1(~)$ ps -fe | grep httpd
root    8061     1  0  2004 ?  00:00:00 /usr/local/apache2/bin/httpd
nobody  8959  8061  0 Jan03 ?  00:00:07 /usr/local/apache2/bin/httpd
nobody 14460  8061  0 Jan04 ?  00:00:02 /usr/local/apache2/bin/httpd

Ignore the process running as root, my apache process is running as "nobody", so I would do 'chown nobody myfiles*.php' followed by 'chmod 700 myfiles*.php'. You'll probably have to be root to do this.

Just to warn you, someone with access to your server will still be able to write their own php program to view your files.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bhuv560
  • Locked
  • Question
Postfix Installation on EC2 AWS Linux
Replies
0
Views
161
bhuv560
bhuv560
gregor weertman
  • Locked
  • Question
set samba "template shell" dependent on group
Replies
0
Views
137
gregor weertman
gregor weertman
lslamp
  • Locked
  • Question
Bash Onliner ... 1
Replies
2
Views
280
lslamp
lslamp
theniteowl
  • Locked
  • Question
URGENT Permissions issue 1
Replies
6
Views
197
theniteowl
theniteowl
daniel.warner
  • Locked
  • Question
Desperately need help setting up wildcard certs on Apache/Tomcat
Replies
2
Views
260
daniel.warner
daniel.warner

Part and Inventory Search

Sponsor

Back
Top