View Single Post
Old 06-19-07, 09:26 AM   #2
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Managing File System w/ PHP.... what permissions should I use?

PHP runs under the security context of the webserver. On Ubuntu it's www-data, on CentOS it's apache.

You'll need to set group/owner correctly on the files/folders you want PHP to have access do, depending on the need. You could use mod_suexec but I wouldn't recommend that.

I'd recommend looking at installing Suhosin to compensate for some of the PHP security flaws.

Modules I use:
eAccelerator - PHP optimization and caching, http://eaccelerator.net/
Suhosin - PHP security module, http://www.hardened-php.net/suhosin.127.html
mod_deflate - Gzip content on the fly for HTTP 1.1 clients, http://httpd.apache.org/docs/2.2/mod/mod_deflate.html
mod_evasive - Protection from misbehaving clients and DoS attacks, http://www.zdziarski.com/projects/mod_evasive/
mod_security - Protection from script kiddies and bots, http://www.modsecurity.org/ with select rules from http://www.gotroot.com/

Applications I use:
fail2ban - Ban clients after 10 404's or auth fails, http://fail2ban.sourceforge.net/
evilghost is offline   Reply With Quote