I try to set up a server in AWS
I have 2 folders in the www Folder of the apace server.
www/userdata
www/WebContent
How do i have to set the file permissions for the WebContent folder.
I think when the server is serving the php page it doesn't allow the php page (php script) to fetch the data from the /userdata folder.
So the pages in the webcontent server are readable by everyone.
The /userdata folder is not readable by everyone.
The php page gets the date from the /userdata folder just when the /userdata folder is readble by everyone.
This is my fist time trying to set up a server without vs code.
How do i have to set the permissions or group or what ever to get this work.
Thanks for the answers.
benni
the solution was to set the document root of the apache server to /WebContent
now just the server side script can access the userdata because on the other hand only the document root can be accessed from outside. The date is not accessible from outside but the php page is.
Bye
Benni
Related
I think I'm misunderstanding something fundamental about file permissions in an OpenShift PHP app. How do they actually work?
I develop on OSX and push changes using SourceTree. When I log in to the app via an SFTP program (Cyberduck) the index.php file shows its permissions set to 600, yet visitors can view it OK in a browser.
This surprises me, as I thought the file would require permissions of 644 to be browsable (like an Apache webserver).
On OpenShift, it seems as though file permissions 600, 640 and 644 are all equivalent. Is this correct, or am I doing something wrong?
Related:
My OpenShift app has a cgi-bin folder containing a cgi program that should only be executed (called) from a PHP file. In other words, any PHP script should be able to call this cgi program, but a visitor attempting to browse to the cgi-bin folder directly should not.
I set both the cgi-bin folder and cgi program file permissions to 700 (so only the 'owner' has read/write/execute set, and no permissions are granted for 'group' and 'others'). However visitors can still browse to the program URL directly and execute it (e.g. www.example.com/cgi-bin/program.cgi) - as if the permissions were 777. How do I solve this?
I think you are used to a system where one user owns the files being served, and the web server runs as another user, but since the files owner (your user account that is that big long hash) is also the owner of the process that runs the web server on OpenShift, then it is using the "6" part of the permissions, so it makes sense that the other two digits that you add don't make a difference. If there is a script that you don't want web accessible, but that you want PHP to be able to execute, then you should place it outside of your web directory that contains your php files. The easiest way to do that would be to create a "php" folder in your repo, and put your files inside of it that need to be web accessible. That will change your documentRoot to that php directory, and you can put your script one level above that so users can't execute it with a web request.
Is it possible to check for a directory on a users computer without knowing the directory? I want to write a php program that allows me to look at my skype photos, but every computer has a different file directory, based on the account name on the computer. File Directory:
C:\Users\compUser\AppData\Roaming\skype\Pictures
I'm looking for a similar function where; if we were to make the run command on a windows pc, you can type %appdata%\skype\pictures and have the file directory pop up.
PHP is a server side language, it can only browse the files on it's own server.
You can't access to local user pc directory for security motivations, you can access only to server directory (where php run)
PHP is a server side language, it can only browse the files on it's own server.
and you cannot access any file from computer to php server without input
I'm starting to set up the security for my web server. For this, I created a folder outside of my www folder, where I put my config.php. This file holds sensitive database infos.
I have two questions:
1) Should I rather keep it in the www folder and then move everything else down one level and make my web server point to that new web root?
2) What permissions should I set?
currently I have set the
owner to root (read-only)
group to root (read-only)
others (read-only) as well
I'm only really worried about others. Should I rather specify a user for it or create a new group altogether? Please also mention any other considerations. Thanks
EDIT: I forgot to mention, my web server distro is Ubuntu 10.10.
EDIT2: My web server is nginx
if you do move your config.php file outside of your www, you may have a openbase_dir issue, which what will not allow that script to be processed as a php file (only on certain server configs.. I think that moving your config file outside of the www folder is unnecessary as long as it is not echoing all that info out.
Keep in mind that if your server is processing php files correctly your server will not reveal the file content to the world.
so:
1) Keep it in the www folder
2) I set mine to 644
take a look at this for some more security info:
http://www.acunetix.com/websitesecurity/php-security-3.htm
Good luck,
Joe
I feel that safe mode should be off, but it's deprecated
OR
move config.php to config/ and then put this in config/.htaccess:
Deny from All
I have deployed my PHP web app on Amazon Ec2 cloud , but my files are not running ,because my my files's are uploed using ec-user account while if i create a file there using root it can run easily.
i have changed the owner and group of all uploaded files to root , but then also server response is
The website encountered an error while retrieving mydns/index.php It may be down for maintenance or configured incorrectly.
while if i run another file which i create there using putty then it runs perfectly.
Please help me if u think a some configuration is required there
I have deployed the website there inside /var/www/html/somefolder/
check the permissions of a .php file which is working and one which isn't with ls -l. I believe the permissions need to be 744.
Unix is case sensitive while Windows is not when i am referring any files in case sensitively the PHP gives error in Unix only so, to make it woking I need to make all paths and file referencing like
various include ,require,src and action varible and methods case sensitive.
Thanks to all of you.
See an example here: http://mattpotts.com/portal/
I put an includeme.htm in each directory on the required path to find the point of failure. It works fine on my local machine (windows) with the same directory structure but fails on my remote (linux) server.
Directory structure:
+-firefli/ drwx--x--x
+-private_html/ drwx------
+-foo/ drwxr-xr-x
+-bar/ drwxr-xr-x
+-portal/ drwxr-wr-w
+-public_html/ drwxr-wr-w
+-foo/ drwxr-wr-w
+-portal/ drwxr-wr-w
The permissions confirm that it's the private_html directory causing the trouble. Hopefully you can see the purpose of the directory structure, I don't know if it's a common way of doing things but it works for me. Well, until now.
I've gone a very long way around asking it but my question is simply this: is there anything wrong with setting private_html to be drwxr-xr-x? Given that I do not want it to be accessible via the web. But the permissions shouldn't do that should they? Because it's apache making the public_html directory accessible via http.
You shouldn't need to block out web users with folder/file permissions on private_html, as it's outside the web root. As you say, web users can only get to stuff in public_html
For future debugging speed, if you have a relative web path you can convert it to a real path using realpath:
$path = realpath('../../private_html');
// $path is now /public_html/foo/private.html or whatever
Well, if you have set up your DocumentRoot correctly to point to public_html, it won't be accessible from the web, no matter what permissions you put on it.
The Private HTMl is not accessible from the web without you putting in a .htaccess file that would redirect it. If you don't know what that means/how to do that, you are safe.
You should be fine setting these permissions to whatever your script needs.
what are the user:group for private_html? The web server needs to be either a member of the group or the owner of the file. In order to read the directory contents the dirctory needs to have the execute permission for the webserver to open it. Essentially they should have the same user:group as public_html. You just want to disallow the write permission. tot he webserver. If you have set your document root to public_html private_html is not accessible via the web no matter what the permissions. Also, i always use realpath on the path arguments to and file operation.