The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

files with permission 700 could read by everyone!!

Discussion in 'General Discussion' started by mehrdad abed, Dec 29, 2006.

  1. mehrdad abed

    mehrdad abed Well-Known Member

    Joined:
    Mar 18, 2006
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    I've installed PHPsuEXEC and the php version is Version 4.4.3, does anybody know why every one could run my php files with permission 700 ?

    Thanks.
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    When phpSuExec is installed, all PHP scripts are run as the OWNER
    instead of the generic username NOBODY

    The first number in "700" is the permission for the OWNER which is "7"
    which means readable, writable, and executable.

    Other hosting accounts on the same server and non-PHP web processes will
    not be able to access any of your PHP scripts that are set as 700.

    Recap though ...

    PHP as a module: Your script permissions are based on the third permission digit

    PHP as phpSuExec: Your script permissions are based on the first permission digit
     
  3. mehrdad abed

    mehrdad abed Well-Known Member

    Joined:
    Mar 18, 2006
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    Thanks, but doesn't it decrease the security of configuration php files, for example the php files contain sql username information, cause they could be read by everyone in web browsers.

    Thanks again.
     
Loading...

Share This Page