How to give permissions only to PHP to read a config directory outside the web root?

Question

I am trying to hide my db conf connection file outside the web root directory of my web server. I want to put it outside and keep the permissions as restrective as possible, in order to permit only the web administrator and the PHP interpreter to read it.

The file has this permissions:

-rw------- 1 serveradmin serveradmin 150 mar 12 01:12 db-conf.php

But when a php script inside the web root calls it using require_once '/path/outside/webroot/to/db-conf.php'; I get the php permission denied error.

**Warning: require_once(/path/outside/webroot/to/db-conf.php): failed to open stream: Permission denied in /var/www/php-script.php on line x

Fatal error: require_once(): Failed opening required '' (include_path='.:') in /var/www/php-script.php on line x**

How can I resolve?

Answer 1

If you are running PHP through a webserver, i.e. apache, then PHP is running as the apache user, and whatever PHP can read, apache can read, so you have to give apache read permissions to this file. if its outside the website directory, then people won't be able to get to it through apache, but PHP will be able to find it.