Unix Permissions, Read VS. Execute (PHP Context)

As far as files are concerned, execute permission is irrelevant to you - the user account your web server is running under needs permission to access and read the files in question. In order to traverse into a directory, the user will also require execute permission on that directory.

If you are trying to make your scripts readable by the web server (let's say you're running as the account "www" which belongs to group "www"), and not by other users on the system, here's what I would do (assumes your account is "myuser"):

# Change owner to "myuser" and group to "www" for file(s) in question
chown myuser:www config.php

# 640: myuser has rw-, www has r--, world has ---
chmod 640 config.php

If you want to prevent the world from reading any file in a "secrets" directory, just disable the execute bit:

# 750: myuser has rwx, www has r-x, world has ---
chmod 750 secrets

If you set all your scripts to have execute permission but not read permission, nobody can do anything useful with them (including the webserver) ;-)
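
An added example, not part of the original answer: a POSIX shell audit that uses `find -perm` to check a tree against the layout above (no world access, group-readable files, group-searchable directories, no execute bits on files). The function names and the sample tree are constructed for illustration, and the check assumes the tree's group is the web server's group.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.
# Assumes the tree's group is the web server's group (e.g. "www").

# audit_tree ROOT: print one finding per line, sorted, paths relative to ROOT.
#   WORLD    any "other" bit is set (the layout above expects ---)
#   NOREAD   file lacks group read, so the web server cannot load it
#   NOSEARCH directory lacks group execute (search), so it cannot be entered
#   EXEC     file has an execute bit, which module-based PHP does not need
audit_tree() {
    (
        cd "$1" || exit 2
        find . ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/WORLD /'
        find . -type f ! -perm -040 -print | sed 's/^/NOREAD /'
        find . -type d ! -perm -010 -print | sed 's/^/NOSEARCH /'
        find . -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
            sed 's/^/EXEC /'
    ) | LC_ALL=C sort
}

# make_sample_tree: build a constructed tree in a temp dir and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/secrets" "$d/open"
    : > "$d/secrets/config.php"
    : > "$d/secrets/tool.php"
    : > "$d/open/index.php"
    chmod 750 "$d" "$d/secrets"        # owner rwx, group r-x, world ---
    chmod 640 "$d/secrets/config.php"  # owner rw-, group r--, world ---
    chmod 110 "$d/secrets/tool.php"    # execute without read
    chmod 755 "$d/open"                # world can list and traverse
    chmod 644 "$d/open/index.php"      # world can read
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_tree "$tree"
rm -rf "$tree"
```

The audit reads mode bits only, so it gives the same findings when run as root, which would otherwise bypass the permission checks themselves.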

Correct file permissions for PHP file that doesn't allow the public to execute

In a typical setup used these days, a PHP script does not require the execution permission bit to be executed by the HTTP server. That is because the request does not start the script as a process based on the operating system. Instead, the HTTP server only reads the file and feeds the content into the PHP engine loaded as a module. So the only permission required is that the HTTP server process can read the script.

Things would be different if you were using PHP by means of CGI instead of as an HTTP server module. But that has a severe performance penalty, exactly because a new process has to be forked for each request.

Is it possible to download php files with read permissions?

The only time "execute" privileges are required is for old-school CGI scripts. Those are literally executed via a shell on behalf of the webserver. Every other file that your webserver accesses only needs "read" privileges.

PHP scripts are not "executed" as if they were programs. The PHP plugin within the webserver READS the PHP code into memory and does the execution there. At no point is there ever really a "php program" running. As long as the file's readable, PHP can load the raw code, then parse/execute it.

Unix/Linux Alike File Permissions

How about a simple bitwise AND (the & operator)?

A bitwise AND will return 0 if the user lacks permission and >0 if the user is allowed access.

$result = $user & $permission;

Why does Apache + PHP require execution permissions to write to a file?

You need execute permission to conceptually enter a directory (cd into it, list files within, etc.). It would have been clearer if they called this bit something else for directories. This article recommends thinking of it as the "search" permission on directories.
