files with permission 700 could read by everyone!!

[mehrdad abed]

Hi

I've installed PHPsuEXEC and the php version is Version 4.4.3, does anybody know why every one could run my php files with permission 700 ?

Thanks.

 

[Spiral]

Hi

I've installed PHPsuEXEC and the php version is Version 4.4.3, does anybody know why every one could run my php files with permission 700 ?

Thanks.

When phpSuExec is installed, all PHP scripts are run as the OWNER
instead of the generic username NOBODY

The first number in "700" is the permission for the OWNER which is "7"
which means readable, writable, and executable.

Other hosting accounts on the same server and non-PHP web processes will
not be able to access any of your PHP scripts that are set as 700.

Recap though ...

PHP as a module: Your script permissions are based on the third permission digit

PHP as phpSuExec: Your script permissions are based on the first permission digit

 

[mehrdad abed]

Thanks, but doesn't it decrease the security of configuration php files, for example the php files contain sql username information, cause they could be read by everyone in web browsers.

Thanks again.