Reputation: 11448
I have a file test.php. This writes to log.txt in a subfolder log.
I have tried some combinations and it seems the minimum is 007 for the folder and 006 for the log. Is this perfect?
Upvotes: 1
Views: 1746
Reputation: 8354
I wouldn't call it perfect, it depends on what you're trying to accomplish and how your users are set up... that's not exactly minimum either. With that setting EVERYONE can read, write and execute for the directory. And EVERYONE can read and write the file.
If you can, the file log.txt should already exist, then you don't need to up the permissions on the folder at all. And I'd only allow read and write on the file for the specific users and groups who need the rights. It's also a good idea to keep writable data above the web root, then if someone does manage to get something into it that shouldn't be there, it's not directly accessible on the web.
Upvotes: 1
Reputation: 4799
First off, test.php should likely execute as a specific user in a user group to whom you give permissions.
Second, you should give permission to write to that group, rather than everyone. The three digits in a permission octal give permission to the owner, group, and everyone else. As you have set your permissions, you're basically letting everyone view your logs and execute stuff in your log folder.
You probably want to give the owner and group full permission to the folder and read/write to the log file while also keeping other people out of the folder. That being the case, you want to set the permissions for the folder at 770 and the file as 660. As long as test.php executes as the user or the group who owns log.txt, it'll work fine and keep prying eyes out.
Upvotes: 1
Reputation: 5117
007 and 006 are almost definitely not what you want. In file permissions, the last digit is the code for 'world', which is everyone that isn't you.
If your web server is configured with suid or something similar, you can set your permissions to be 770 or 660, or possibly even 700 or 600. These permissions are much more restrictive, which is what you want.
Upvotes: 0
Reputation: 34632
This is in no way perfect. It means everyone can write to the directory, and everyone is permitted to read and write to the log file.
You should determine the user for which the PHP processes are spawned and set file/directory ownership accordingly. In almost any case, 0700 and 0600 for directory and file, respectively, is sufficient.
Upvotes: 0
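The layout suggested in the answers above (log.txt created ahead of time, 770 on the directory, 660 on the file), as an added example that is not part of any post in the thread. The function names, the scratch directory and the optional group argument are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the scratch
# directory are hypothetical; pass the PHP process's group as argument 2.

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Exit 0 only when the last octal digit ("other"/world) grants nothing.
no_world_access() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 07 )) -eq 0 ]
}

# Create <root>/log/log.txt ahead of time: 770 on the directory, 660 on the
# file. The body is a subshell so the umask change does not leak to the caller.
setup_log() (
    root=$1 group=${2:-}
    umask 077                             # never world-accessible, even briefly
    mkdir -p "$root/log" || exit 1
    : >> "$root/log/log.txt" || exit 1    # create if missing, never truncate
    if [ -n "$group" ]; then
        chgrp "$group" "$root/log" "$root/log/log.txt" || exit 1
    fi
    chmod 770 "$root/log" && chmod 660 "$root/log/log.txt"
)

# List every entry under <root> that still has any world bit set.
audit_world() {
    find "$1" \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Demo in a scratch directory (constructed, removed afterwards).
demo_root=$(mktemp -d)
setup_log "$demo_root"
echo "dir=$(mode_of "$demo_root/log") file=$(mode_of "$demo_root/log/log.txt")"
chmod 006 "$demo_root/log/log.txt"        # the question's file mode
echo "world-accessible after chmod 006:"
audit_world "$demo_root"                  # prints .../log/log.txt
setup_log "$demo_root"                    # back to 770/660, contents kept
rm -rf "$demo_root"
```

Without a group argument the file stays in the creating user's group, so it only helps if test.php runs as that user or in that group.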