This may sound like a pretty basic question, but I'm a bit stumped on what constitutes "reading" a file and "executing" a file.
For example: User 1 buys a ticket from an online website, and wants to view the ticket (as a jpeg), which is displayed on the website.
Is this considered to be "reading" the folder? Or is this actually executing the folder?
If the user permission is set to "read only," that means the user CAN access the file via an action on the website (in this case, an image of their purchased ticket), but cannot access the file via a direct URL link, right? Such as www.exampletickets.com/user1/tickets
Folder Permissions:
- Execute -> Actually enter that folder, but not be able to read its contents or see what files are located there.
- Read -> Be able to read the folder's contents
- Write -> Edit the folder's data: delete or create new files/folders inside it, etc.
File Permissions:
- Execute -> if it's a script like index.php, run it to get data from it
- Read -> if it's a text file like index.html or index.php, be able to read it
- Write -> ability to change its data
As for security, these permissions are only an issue when your server is accessible by other users (not from your team). This mainly happened when people were using hosting services where they did not get a dedicated operating system; instead, there was one operating system and all the users were uploading their data there. So if it was not correctly secured, they could view and edit each other's source code.
Today, as usual, you get a dedicated server, with more security tools and an operating system which is accessible only by you and no one else (virtualization).
So you don't need to worry that someone will view or change your data as you are the only one who has access to that server.
The web server (Apache, nginx, ...) will serve any image files by reading them, not executing them - same for any other files - regardless of whether they are accessed directly or not.
Also, the Linux file permission is given from the machine itself - here, the user will be the user running the web server instance - usually a Linux user named something like "www-data". So it has nothing to do with your website's user.
For more information (what are the perfect file and directory permissions for your websites?) -> https://serverfault.com/questions/345833/what-are-perfect-unix-permissions-for-usual-web-project-directories
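An added example, not part of the original answers: a Python model of the plain owner/group/other mode-bit check, run on a constructed temporary tree, showing what a non-owner account (such as the one the web server runs as) can list and read. The helper names and the stand-in uid are assumptions, and ACLs, root privileges and SELinux/AppArmor are ignored.

```python
import os, shutil, tempfile

R, X = 4, 1  # read and execute/search bits inside one rwx triplet

def triplet(st, uid, gids):
    """Return the rwx bits that apply to uid/gids: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_list(directory, uid, gids):
    """Listing the names in a directory needs the read bit on that directory."""
    return bool(triplet(os.stat(directory), uid, gids) & R)

def can_serve(root, relpath, uid, gids):
    """Reading root/relpath needs x on every directory on the way and r on the file."""
    current = root
    for name in relpath.split("/"):
        if not triplet(os.stat(current), uid, gids) & X:
            return False  # cannot traverse this directory
        current = os.path.join(current, name)
    return bool(triplet(os.stat(current), uid, gids) & R)

def demo():
    """Constructed tree <tmp>/user1/ticket.jpg, checked for a non-owner account."""
    root = tempfile.mkdtemp()
    try:
        folder = os.path.join(root, "user1")
        ticket = os.path.join(folder, "ticket.jpg")
        os.mkdir(folder)
        open(ticket, "wb").close()
        os.chmod(root, 0o755)
        # Hypothetical stand-in for www-data: not the owner, shares no group.
        web_uid, web_gids = os.stat(ticket).st_uid + 1, set()
        results = {}
        for label, dir_mode, file_mode in [
            ("dir --x, file r--", 0o711, 0o644),
            ("dir r--, file r--", 0o744, 0o644),
            ("dir r-x, file ---", 0o755, 0o640),
        ]:
            os.chmod(folder, dir_mode)
            os.chmod(ticket, file_mode)
            results[label] = (can_list(folder, web_uid, web_gids),
                              can_serve(root, "user1/ticket.jpg", web_uid, web_gids))
        return results  # label -> (can list folder, can read ticket)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo())
```

Each result pair is (can list the folder, can read the ticket): execute-only on the folder still lets the file be served by name, while read-only on the folder lists the names but blocks the read.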