Question

If a PHP script on the server can't create a directory, is this usually because PHP is running as apache/nobody? So can you say from this that the server is misconfigured? (or just using the standard configuration)

For security purposes it would be better if php was running as the user, and if it was, would this problem (requiring 777) still occur? I don't think so but I thought I'd ask...


Solution

> So can you say from this that the server is misconfigured?

No. That's how it's supposed to be. PHP scripts executed by apache run as user www-data (on Ubuntu). www-data has practically no writing rights on the entire server. And that's how it's supposed to be. If you write an even slightly insecure php script (e.g. susceptible to code injection) and it's being run as root, a malicious visitor could wipe out your entire hard drive.

> For security purposes it would be better if php was running as the user?

Who do you mean by the user? If it's root, see above. If it's a user with root privileges, see above.

> Would this problem (requiring 777) still occur?

The problem is that you're using code that needs full reading, writing and executing permission on a foreign directory.

If it's a directory that will only be used by your script, www-data should own it. Problem solved.

If you're using a php script that has to have access to sensitive system areas, you may want to rethink the way of doing this. Many tasks that a php script is supposed to execute could be scheduled by the script and later executed by a cron job.

Last but not least, if you absolutely have to, you can run php as any user you want. Just install the module mpm_itk_module and add

    AssignUserId user group

inside the <VirtualHost> tag.

But be aware that - as I said before - with a bad script and the wrong privileges, Very Bad Things (TM) could happen.

OTHER TIPS

IMO you should never have a 777 directory. It doesn't matter so much on a webserver with no users, but it is never necessary and should be avoided anyway.

PHP on debian runs as the same user and group as apache (www-data). So you simply need to configure your file access controls to allow that user to do what you like. You should never need 777.

Other distros have similar configurations, but you can always edit your apache2.conf and php.ini files to get any result you want.
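
The two recommendations above (let www-data own the directory the script writes to, and never use 777) as an added shell example; it is not code from either answer. The function names are made up for illustration, and the demo uses a temporary directory with the current user standing in for www-data, because changing ownership to another user requires root.

```shell
#!/bin/sh
# Added example. Assumption: the web server runs as www-data (Debian/Ubuntu);
# on a real server, run as root, e.g.
#   provision_script_dir /path/to/site/uploads www-data www-data
# where /path/to/site/uploads is a placeholder.

# Print every directory under ROOT with the world-writable bit set,
# which is what chmod 777 leaves behind.
audit_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# Hand DIR to OWNER:GROUP with mode 750: the owner (the PHP process) can
# create files, the group can read and traverse, everyone else gets nothing.
provision_script_dir() {
    dir=$1 owner=$2 group=$3
    mkdir -p "$dir" || return 1
    chown "$owner:$group" "$dir" || return 1
    chmod 750 "$dir"
}

# Succeed only if DIR grants no read, write or execute bit to "other".
is_closed_to_others() {
    [ -z "$(find "$1" -prune \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print)" ]
}

# Demo on a constructed tree: a 777 directory is found, then fixed.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" && chmod 777 "$root/uploads"
    echo "world-writable before: $(audit_world_writable "$root")"
    provision_script_dir "$root/uploads" "$(id -u)" "$(id -g)"
    echo "world-writable after:  $(audit_world_writable "$root")"
    rm -rf "$root"
}
demo
```
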

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow