Www-data用户访问/ var / www /之外的文件/文件夹
[英]Www-data User to Access files/folder outside of /var/www/
问题描述
Ok, is there a way for the PHP user (www-data) to gain access to other parts of the server, for example, /home/username/another_folder/ ?? 
好的,有没有办法让PHP用户(www-data)访问服务器的其他部分,例如/ home / username / another_folder / ?? Thanks in Advance. 提前致谢。
Will 将
EDIT: Do I just add www-data to another group?? 编辑:我只是将www数据添加到另一个组? Or something like that, or is there another way? 或类似的东西,还是有另一种方式?
2 个解决方案
解决方案1
3 已采纳 2010-02-07 04:32:03
You can create another group and add the www-data (if your webserver runs under www-data user) to this group, then assign this group to all those files you want to be accessible. 您可以创建另一个组并将www-data (如果您的Web服务器在www-data用户下运行)添加到该组,然后将该组分配给您希望可访问的所有文件。
Or if you just need the read permission, and it is not an issue that other users on the system have read access to your files, then just change permissions of your files (in other places) to have the read permission for other . 或者,如果您只需要读取权限,并且系统上的其他用户对您的文件具有读取权限不是问题,那么只需更改文件的权限(在其他位置)即可获得other的读取权限。 For example, 775 for your directories and 644 for your files. 例如,您的目录为775 ,文件为644 。
Remember that you can not serve pages in places other than your Document Root (for example /var/www), even though your webserver user has the permissions to access those files. 请记住,即使您的Web服务器用户具有访问这些文件的权限,您也无法在文档根目录以外的位置(例如/ var / www)提供页面。
However if you configure "aliases" or "virtual hosts" for your web server, you can make places other that your default document root, accessible by HTTP requests. 但是,如果为Web服务器配置“别名”或“虚拟主机”,则可以将其他位置设置为默认文档根目录,可通过HTTP请求访问。
But PHP files that are under your document root and executed by the web server, CAN read contents of files outside the document root IF the web server user has enough permissions. 但是,根据您的文档根目录并由Web服务器执行的PHP文件,如果Web服务器用户具有足够的权限,则可以读取文档根目录外的文件内容。
// file permissoins
/tmp/shared_by_all.txt -> 644
/home/user1 -> 751 or 755
/home/user1/shared_by_all.txt -> 644
/home/secureuser -> 750
/home/secureuser/myfile.txt -> 640 (or even 644 because of the containing directory permissions, other can not even enter the directory tree. so file is not accessible)
// file: /var/www/read_file.php
<?php
echo file_get_contents('/tmp/shared_by_all.txt'); // ok!
echo file_get_contents('/home/user1/shared_by_all.txt'); // ok!;
echo file_get_contents('/home/secureuser/myfile.txt'); // fail!;
?>
解决方案2
2 2010-02-07 04:33:27
You could change the group ownership ( chgrp ) of your folder to www-data (if www-data is its own group.) 您可以将文件夹的组所有权( chgrp )更改为www-data(如果www-data是其自己的组。)
You could change the user ownership of that folder ( chown ) and chmod it so that multiple users can access it. 您可以更改该文件夹( chown )的用户所有权并chmod它,以便多个用户可以访问它。 (Like farzad said) (像farzad说的那样)
You could create a group ("me_and_web") whose only members are "username" and "www-data", and chgrp -R me_and_web /home/username/another_folder 您可以创建一个组(“me_and_web”),其唯一成员是“username”和“www-data”,以及chgrp -R me_and_web /home/username/another_folder
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.