trukfixer wrote:CHMOD ogw+x
o = Owner
g = Group
w = World
in a directory listing you might see
drwxr-xr-x that means its a directory, and then sets of three permission bits , so
d = directory rwx = Owner has read,write,execute permissions, r-x = Group has read and execute permissions, and r-x = World has read and execute permissions
The above drwxr-xr-x would be equivalent to chmod 755 on a directory
-rw-r--r-- - thiss indicates a file, with chmod 644 permissions
people visiting the website havd the "UID of apache (typically "nobody" or "www-data" with a UID and/or GID of 99, or 33 , often ) so basically - any visitor to teh website via http or https is running the script under "www-data" or "nobody" permissions
Since a usual file will be chown user.group then *unless* the file is owned by apache's user or group id, apache's permissions are "World" or "Other" , so every web visitor, in essence is user "Apache" (and typically group Apache , but it can be modified by root sysadmin)
regardless of whether the webserver is Apache or Zeus or IIs or Caudium or AOLServer or any other webserver in use, *typically* (not necessarily always) your web visitors are connecting to the webserver as the Apache user/group
, so unless you specifically *CHOWN* a file to be owned by apache user (or group), only the last 3 bits of teh permissions will apply
does that make more sense?
What I'm wondering is...in regards to security...
How can I user/visitor be prevented from reading/writing/executing
What happens if you request a file via HTTP which has it's group (likely a users settings) = --x does this mean they can execute the script, but cannot read the contents or change them? I dunno how they'd do that...but still..
if a file has it's OTHER permissions set to nothing...this means...that file cannot be accessed or executed at all...via HTTP, but my scripts can still access them, correct?
So a configuration file...for instance...might have it's OTHER RWX cleared, but the Public/Owner bits are all set that means....my scripts can still read/write/execute that file internally, correct???