Managing File System w/ PHP.... what permissions should I use?

#1 ViN86 (06-19-07, 09:04 AM)

I'm working with PHP and need to be able to create folders and store/retrieve files from the folder. My server is a Linux box running Slackware 11.0.

What permissions do I set to allow PHP to have full access to the folder, while keeping my system secure?

thx

#2 evilghost (06-19-07, 09:26 AM)

PHP runs under the security context of the webserver. On Ubuntu it's www-data, on CentOS it's apache.

You'll need to set group/owner correctly on the files/folders you want PHP to have access to, depending on the need. You could use mod_suexec but I wouldn't recommend that.

I'd recommend looking at installing Suhosin to compensate for some of the PHP security flaws.

Modules I use:
eAccelerator - PHP optimization and caching, http://eaccelerator.net/
Suhosin - PHP security module, http://www.hardened-php.net/suhosin.127.html
mod_deflate - Gzip content on the fly for HTTP 1.1 clients, http://httpd.apache.org/docs/2.2/mod/mod_deflate.html
mod_evasive - Protection from misbehaving clients and DoS attacks, http://www.zdziarski.com/projects/mod_evasive/
mod_security - Protection from script kiddies and bots, http://www.modsecurity.org/ with select rules from http://www.gotroot.com/

Applications I use:
fail2ban - Ban clients after 10 404's or auth fails, http://fail2ban.sourceforge.net/

#3 evilghost (06-19-07, 09:55 AM)

For additional security I recommend these php.ini changes to protect against information disclosure, RFI (remote file inclusion), and other attacks:

suhosin.executor.include.max_traversal=4
display_errors = Off
allow_url_include = Off
allow_url_fopen = Off
session.use_only_cookies = 1
session.cookie_httponly = 1
expose_php = Off
register_globals = Off
disable_functions = phpinfo

I also recommend setting ProductTokens to ServerOnly in your Apache configuration or using mod_security to obfuscate the server banner.

#4 ViN86 (06-19-07, 10:47 AM)

thx ghost

I found that with the distro I'm running, httpd (the Apache daemon) is run by the user "nobody" in the group "nobody".

Changed permissions and set the owner as "nobody" and voila, it works. thx

("ps -aux" is my friend lol)
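
The approach worked out in this thread (find the account httpd runs as, then give that account, and nobody else, access to the folder), as an added example that is not part of any post. The helper names, the sample process listing and the 0700 mode are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Helper names, the sample listing and
# the 0700 mode are assumptions chosen for illustration.

# Constructed "USER COMMAND" pairs, in the shape of: ps -eo user=,comm=
SAMPLE_PS='root httpd
nobody httpd
nobody httpd
root sshd'

# Print the non-root account(s) running httpd/apache workers; PHP run by the
# web server reads and writes files as this account.
web_users() {
    awk '$2 ~ /^(httpd|apache2?)$/ && $1 != "root" { print $1 }' | sort -u
}

# Create a data directory that only its owner can enter, read or write.
# Ownership is handed to the web server account only when run as root;
# otherwise the directory stays with the calling user.
make_php_dir() {
    dir=$1; owner=$2
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ]; then chown "$owner" "$dir"; fi
}

# List entries below a directory that carry the "other" write bit, i.e. that
# every local account can modify. Symlinks are skipped (always mode 777).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Demo on the constructed listing: prints "nobody".
printf '%s\n' "$SAMPLE_PS" | web_users
```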