ONLamp.com: Working with Permissions in PHP, Part 2

[ Thanks to Jason Greenwood for this link. ]

"In my last column, we took a step away from PHP to discuss the Unix permissions system. In today's column we return to PHP to show you how to apply what you learned last time; again, this column applies only to those who work with PHP in an environment that supports Unix-like permission.

"Before I begin to discuss the PHP permission functions, I will explain some common permission-related problems which occur with PHP scripts. Like all applications in a Unix environment, PHP programs are run on behalf of a particular user. If a PHP script is executed from the command line (for instance, as a shell script), it will run with the permissions of the user who started the script. For web servers, however, your PHP scripts run as the same user as the web server runs as. Under most system configurations, web servers run as the user nobody, which has minimal permissions to access the file system.

"Although it can be more difficult to work under this situation at times, it's strongly recommended that PHP never be ran via a web server in any other manner for security reasons. A much more reasonable solution is to create directories where PHP will be accessing files and assign it to the same group to which the PHP script belongs..."

Complete Story

Related Stories:

• Information Security: Detecting Server Compromises(Feb 13, 2003)
• developerWorks: Securing Dynamic Web Content(Sep 13, 2002)