Secure permissions to enable file writing in directory

Posted: Sun Feb 06, 2011 6:16 am
by chandrika
I wanted to check about the security of changing permissions to enable a PHP script to write to a directory on the server. This is the PHP code:

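// Fetch an HTML file and save it on the server as text
$ch = curl_init("http://site.com/file.html");
$fp = fopen("/home/username/public_html/text/file.txt", "w");
if ($fp === false) {
    // fopen() returns false when the PHP process cannot write to the directory
    die("Cannot open file for writing");
}

curl_setopt($ch, CURLOPT_FILE, $fp);   // write the response body straight to the file
curl_setopt($ch, CURLOPT_HEADER, 0);   // leave response headers out of the saved file

curl_exec($ch);
curl_close($ch);
fclose($fp);

I find I have to set the permissions of the /text/ directory to at least 767 to enable this, but feel unsure if that is safe.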

Only the php script needs access to these text files, so would it be safer to write them in a directory outside of public_html?

Re: Secure permissions to enable file writing in directory

Posted: Tue Feb 08, 2011 3:47 pm
by Jade
Why 767? I would do 755 instead. http://www.zzee.com/solutions/chmod-755.shtml

Re: Secure permissions to enable file writing in directory

Posted: Thu Feb 10, 2011 1:15 am
by Zyxist
The directory should be writable by whom? A PHP script or through FTP? If you mean the first case, the only secure way is having a FastCGI/CGI PHP installation. If you use mod_php with Apache, there are no secure permissions, because the directory must be writable by a PHP script which is executed under the webserver rights shared by all the users. It means that someone else might request his PHP script to write something there and it will work. With FastCGI/CGI you can run separate PHP instances for every user that would execute under your own rights. Then, the permissions could be set to 700 for directories.
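
An added example, not part of any post in this thread: a shell audit that decodes the modes discussed above (767, 755, 700) into who can actually add or remove files in the directory, and reports whether the directory sits inside the web root. The function names are hypothetical and the script assumes Linux with GNU coreutils `stat`.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes Linux with GNU coreutils `stat`.

# write_classes MODE -> classes that can create or delete files in a directory.
# That takes both write (w) and search (x) on the directory, so 767
# (rwx rw- rwx) gives it to owner and other but not to group.
write_classes() {
    m=$((0$1))                       # read the argument as octal
    out=""
    if [ $((m & 0300)) -eq $((0300)) ]; then out="owner"; fi
    if [ $((m & 0030)) -eq $((0030)) ]; then out="${out:+$out,}group"; fi
    if [ $((m & 0003)) -eq $((0003)) ]; then out="${out:+$out,}other"; fi
    echo "${out:-none}"
}

# mode_verdict MODE -> one-line assessment for a directory PHP writes to
mode_verdict() {
    case "$(write_classes "$1")" in
        *other*) echo "world-writable: every local account can add or remove files" ;;
        *group*) echo "group-writable: depends on who is in the group" ;;
        owner)   echo "owner-only: PHP must run as the directory owner" ;;
        *)       echo "not writable" ;;
    esac
}

# audit_dir DIR DOCROOT -> mode verdict plus whether DIR is under the web root
audit_dir() {
    mode=$(stat -c %a "$1") || return 2
    real=$(cd "$1" && pwd -P) || return 2
    root=$(cd "$2" && pwd -P) || return 2
    echo "mode $mode: $(mode_verdict "$mode")"
    case "$real/" in
        "$root"/*) echo "location: inside web root" ;;
        *)         echo "location: outside web root" ;;
    esac
}

# Constructed demo: the three modes mentioned in the thread
for demo_mode in 767 755 700; do
    echo "$demo_mode -> $(mode_verdict "$demo_mode")"
done
```

To check a real directory, call `audit_dir /home/username/public_html/text /home/username/public_html` with the paths from the first post.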