Why my php-script executed when file permissions only read and write?
Question
My name lebnik, and information about me:
# id lebnik
uid=1000(lebnik) gid=1000(lebnik) groups=1000(lebnik),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)
My web-server Apache run php-scripts from user www-data, check this:
root@debian /etc/apache2 # grep -R "APACHE_RUN_USER=" .
./envvars:export APACHE_RUN_USER=www-data
Information about user www-data:
# id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)
I create php-script file.php:
<?php
error_reporting(E_ALL);
ini_set('display_errors',1);
echo 'script executed';
?>
Next, I check permissions my file.php
# ls -la
total 16
drwxrwxrwx 1 www-data www-data 4096 Oct 18 00:49 .
drwxrwxr-x 1 www-data www-data 4096 Oct 18 00:36 ..
-rw-rw-r-- 1 www-data www-data 225 Oct 18 00:46 file.php
I try call my script with Apache: curl http://starsite.l/file.php and see:
script executed
Why my php-script executed when file permissions only read and write?
1 answers
solution1
3 ACCPTED 2014-10-19 06:32:45
The execution permission prevents the shell from executing the file, but it doesn't prevent another application from reading the text file and executing it. the php engine doesn't care about the executable permission bit.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.