This is not a direct PHP question, but rather a question about permissions of PHP files under UNIX. I've read many posts on forums elaborating techniques with file permissions, but either they actually didn't work, either I really didn't feel it was the right way to do it...
As a basic fact, an Apache server has a run user and a run group (that you can change if you want). Lets call them apache_user and apache_group. Then usually you have your own user account, and your own group ; let's just call them user and group.
First of all, I begin by a silly question, but I never saw that on the web : I think the most natural way to set a regular "foo.php" PHP file would be a 570 octal permission with "apache_user" owner, and "group" group owner. Is that right? Do I miss something important?
Having these kind of permission would allow you to have "secret" files (like .ini configuration files for instance). Let say you have the file "dbconf.ini" with octal permission 640, "user" owner, and "group" group owner. Then, if I understand everything right, "foo.php" file could read this file, because it belongs to the group "group", and "dbconf.ini" has a 4 octal permission (that is, read permission) for this group.
Now if that is correct, either I did something wrong on my computer, or I need your help because I really don't understand file permissions then because I get "Permission denied" errors..
Here is my configuration :
foo.php with "apache_user" owner, "group" group owner, and 570 permission.
dbconf.ini with "user" owner, and "group" group owner with 640 permission.
The simple code I'm using for foo.php
Code: Select all
if ( !$settings = parse_ini_file('dbconf.ini', true) )
throw new Exception("Unable to read file dbconf.ini. Aborting..");
echo $settings['database']['hello'] . "<br />" . $settings['database']['bonjour'] . "<br />";
J