PHP Developers Network
http://forums.devnetwork.net/

Source to understand permissions from PHP dev view
http://forums.devnetwork.net/viewtopic.php?f=1&t=147525
Page 1 of 1

Author:  Jardenblack26 [ Mon Apr 23, 2018 10:37 am ]
Post subject:  Source to understand permissions from PHP dev view

I've been searching for sources to help me understand Linux Apache permissions from the PHP programmer's perspective getting only the rwx and 755 type descriptions and processes in abundance.

What I need is a *source* that I can learn Linux permissions from the perspective of the *PHP programmer*, not for the Linux admin who has the box locally or remotely. I'd like to know, for example, when to give each of the three users which permissions for my PHP app's directories, data files and PHP scripts on the basis of heightening security.

Author:  protopatterns [ Mon Apr 23, 2018 12:07 pm ]
Post subject:  Re: Source to understand permissions from PHP dev view

It took me a while to figure out linux permissions. I made some notes that might help. (See also here: https://unix.stackexchange.com/question ... linux-work)

Here's chmod for PHP: http://php.net/manual/en/function.chmod.php

Here is what the numbers represent:
4: read
2: write
1: execute
0: no permission

Each of what they represent is added together to come up with a final number.
The final numbers are in the usual order: user, group, world.

For example, 'chmod 745 myfile' means 'owner of myfile has all permissions; group has read, no
write, and no execute permissions; world has read, no write, and execute permissions'.



Difference Between File and Directory Permissions

Read ('r' or '4') for Files. Allows a file to be opened and read.

Read For Directories. Allows a directory's contents to be listed, if the execute attribute is also set.


Write ('w' or '2') for Files. Allows a file to be written to or truncated. However this attribute does not allow files to be renamed or deleted. The ability to delete or rename files is determined by (write) directory attributes.

Write for Directories. Allows files within a directory to be created, deleted, and renamed, if the execute attribute
is also set.


Execute ('x' or '1') for Files. Allows a file to be treated as a program and therefore executed. Program files written in scripting languages must also be set as readable ('r' or '4') to be executed.

Execute for Directories. Allows a directory to be entered, e.g., 'cd directory'.

Note the difference here between directory execution, which allows you to enter / access the directory, and file execution, which allows you to run the program contained within the file.

With that I think you'll have the basis to determine exactly what you want your users to be able to do, and program it in.

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/