
Do I need to set “group” permissions when using chmod?

I need to set chmod for a file so that everybody can view the file, and only the web server holding it (or PHP script) can overwrite it.

What would be the correct chmod setting for this? Can you explain what groups are? Are they relevant for me?

Generally the file should be owned by, or be in the group of, the web server user. Assuming your web server runs under www-data, that would mean running this:

chmod u+w file.txt        # write access for the file's user
chmod ugo+r file.txt      # read access for user, group, other
chown www-data file.txt   # change owner

Or this:

chmod g+w file.txt        # write access for the file's group
chmod ugo+r file.txt      # read access for owner, group, other
chgrp www-data file.txt   # change group

The latter is useful if you wish to make the files writeable by an owner user - this is common if you wish to rsync the files, or perhaps git pull, under your normal account.

Note that users and groups are different things. The above examples take advantage of the fact that 'www-data' is a common user that is created by installing Apache, and 'www-data' is a common group that is also created at the same time. Yes, they are named identically, and are two different things!

You asked what a group is. It is normally used as a category for users, so for example a university might have groups called 'students' and 'staff'. Users can be added to any number of groups, so research students could arguably be added to both, for example, since they qualify as being in both categories. Membership of groups then allows system administrators to confer read and write privileges on a global basis, without having to worry about resetting users individually.

It's worth being careful with what you make writeable by the web server, especially files and folders that are within the normal document root. If there is a vulnerability in your web app, you don't want users being able to create PHP files via the web server, otherwise arbitrary remote execution may become possible.

To defend against this, if you are (for example) just uploading text files, do so outside of your document root, so they cannot be remotely executed. And if you are uploading images (which need to be in the doc root) disable the PHP engine for that directory.
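The following is an added example, not part of the original answer: a shell audit that lists what the web server account could modify under a document root, judged only by the owner, group and other write bits discussed above. The function names are hypothetical, www-data is assumed as the default account, and supplementary group memberships and ACLs are not considered.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Lists paths under a document root that the web server account can modify,
# using only the classic permission bits: owner-write if the web user owns
# the path, group-write if the web group owns it, or other-write for anyone.

audit_webserver_writable() {
    docroot=$1
    web_user=${2:-www-data}    # assumption: default Apache account name
    web_group=${3:-www-data}   # assumption: default Apache group name

    # Symlinks are skipped: their own mode bits are not meaningful.
    find "$docroot" ! -type l \( \
            \( -user  "$web_user"  -perm -200 \) -o \
            \( -group "$web_group" -perm -020 \) -o \
            -perm -002 \
        \) -print
}

# Narrow the result to the cases the answer warns about: writable
# directories (new files can be created there) and writable *.php files.
audit_php_risk() {
    audit_webserver_writable "$@" | while IFS= read -r path; do
        if [ -d "$path" ]; then
            echo "DIR  $path"
        else
            case $path in
                *.php) echo "PHP  $path" ;;
            esac
        fi
    done
}

# Stand-alone use: sh audit.sh /var/www/html [user] [group]
if [ "$#" -gt 0 ]; then
    audit_php_risk "$@"
fi
```

Every DIR line inside the document root is a place where the web server could create a new file, so those are the directories to move outside the document root or to exclude from PHP execution.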
