Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Unix permissions, read vs. execute (PHP context)

Tags:

include

php

unix

permissions

I have a php script which needs to connect to a database. The credentials for the database are stored in another php script.

If I set the permissions for the credentials file to 661 so that Public has execute permission but not read permission, does this allow the main script to access the credentials and connect to the DB while preventing someone with a user account on the server from viewing the contents of the credentials file?

I guess I'm confused as to the distinction between read and execute. Does a php script (running as www or something similar) need read-permission to include another php script and use any content inside? Or does it just need execute? Does read permission implicitly give execute permission?

Sub-Question: If I set all of my scripts to only have execute permission and not read, are there any pitfalls I should expect? This is assuming that I will leave any files I need explicit read permission (data files) set to read.

like image 731
Anthony Avatar asked Jan 06 '10 02:01

Anthony

2 Answers

Scripts are read, not executed. Execute permission for scripts tells the loader or kernel to read the shebang line and pass the script to the named interpreter.

like image 180
Ignacio Vazquez-Abrams Avatar answered Oct 05 '22 23:10

Ignacio Vazquez-Abrams

As far as files are concerned, execute permission is irrelevant to you - the user account your web server is running under needs permission to access and read the files in question. In order to traverse into a directory, the user will also require execute permission on that directory.

If you are trying to make your scripts readable by the web server (let's say you're running as the account "www" which belongs to group "www"), and not by other users on the system, here's what I would do (assumes your account is "myuser"):

# Change owner to "myuser" and group to "www" for file(s) in question
chown myuser:www config.php

# 640: myuser has rw-, www has r--, world has ---
chmod 640 config.php

If you want to prevent the world from reading any file in a "secrets" directory, just disable the execute bit:

# 750: myuser has rwx, www has r-x, world has ---
chmod 750 secrets

If you set all your scripts to have execute permission but not read permission, nobody can do anything useful with them (including the webserver) ;-)

like image 21
pix0r Avatar answered Oct 05 '22 23:10

pix0r
Sign in to Comment

Related questions

Notepad++ auto-close HTML tags in PHP files
PHP Manual GZip Encoding
Is it possible to create custom form field attributes in Symfony 2?
What is wrong with my code - circularly sorted array does not show any results
PHPUnit - How to test if callback gets called?
Why are static methods untestable?
Failed to write session data, php and memcached
Get all public methods declared in the class, not inherited
Mixing page orientations in wkhtmltopdf
How to use foreign key when querying from two tables
successful/fail message pop up box after submit?
How to get all child pages of a parent page in wordpress?
How to retrieve full data of record by its foreign key in laravel?
laravel trailing Slashes redirect to localhost
Fatal error: Call to a member function query() on null
Parse Javascript fetch in PHP
Insert to database multiple options from HTML form via PHP
Failed to resolve 'kafka:9092': Name or service not known - docker / php-rdkafka
Something like a callback delegate function in php
Creating new SQLite DBs with PDO

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!