I am trying to understand the file permissions on a typical shared Linux web hosting account. I know how to set rwx permissions for the OWNER GROUP and PUBLIC entities of a file or directory. What isn't very clear to me is, typically where would the access permissions map to? I am guessing that:
USER permissions would affect what … uhm… not sure here
GROUP permissions would affect what a PHP or other script running on the server could do
OTHER (sometimes called PUBLIC or WORLD?) permissions would affect what a UA of a web site visitor can do
Can anybody correct, confirm or expand my understanding on this?
CLARIFICATION:
If I want to allow my PHP script that runs on the server permission to write to a file, would that permission be specified in USER, GROUP or OTHER?
If I want to deny a website visitor's browser to see the contents of a directory, would that permission be specified in the dir's USER, GROUP or OTHER?
Best Answer
Let's specify some keywords first.
You access your FILES as FTPUSER with an FTP program
Now, because WWWDAEMON user WWWUSER is not you (FTPUSER), it respects OTHER permissions when it tries to read your script. (There are hosting sites that run your scripts as your FTPUSER.) Removing the other read and exec permission will block use of somescript.php.
Creating a directory with world writeable permissions will allow your script to write there, but unless you protect that directory somehow (like with .htaccess or put it outside your www dir) it might also mean that the BROWSER can access those files directly, because:
Processed also means that WWWDAEMON also respects .htaccess or similar to block access.
The advice is to create, say, phpwritedir and give it a+rwx rights. Add .htaccess file there (if your hosting service allows it).
With this, your script run as WWWUSER can still use that directory, but WWWDAEMON will block any BROWSER access to it.
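The layout recommended in the answer, together with a check for world-writable directories that lack the protection, as an added shell example that is not part of the original answer. It assumes Apache with .htaccess enabled and the Require all denied / Deny from all directives (the answer does not give the .htaccess contents); the sticky bit and the function names are additions of this example.

```shell
#!/bin/sh
# Assumptions (not from the original answer): Apache honours .htaccess in this
# directory, and one of the two deny directives matched below is in use.
DENY_RE='^[[:space:]]*(Require[[:space:]]+all[[:space:]]+denied|Deny[[:space:]]+from[[:space:]]+all)'

# Create the world-writable directory and block direct BROWSER access to it.
make_protected_writedir() {
    target=$1
    mkdir -p "$target" || return 1
    # 1777 = a+rwx as in the answer, plus the sticky bit so that WWWUSER
    # cannot delete or rename the .htaccess file that FTPUSER owns.
    chmod 1777 "$target" || return 1
    # Apache 2.4 syntax; Apache 2.2 uses "Deny from all" instead.
    printf 'Require all denied\n' > "$target/.htaccess" || return 1
    # Readable by WWWDAEMON, writable only by the owner.
    chmod 644 "$target/.htaccess"
}

# Succeed if directory $1, or any parent up to the web root $2, has a deny rule
# (an .htaccess rule also applies to the subdirectories below it).
has_deny_rule() {
    p=$1
    while :; do
        grep -Eiqs "$DENY_RE" "$p/.htaccess" && return 0
        case $p in "$2"|/|.) return 1 ;; esac
        p=$(dirname "$p")
    done
}

# Print each world-writable directory under web root $1 that no deny rule covers.
find_exposed_writedirs() {
    find "$1" -type d -perm -0002 | while IFS= read -r wd; do
        has_deny_rule "$wd" "$1" || printf '%s\n' "$wd"
    done
}
```

Pass the web root without a trailing slash, for example find_exposed_writedirs "$HOME/public_html" (a constructed path); every directory it prints is writable by any local user and reachable from a browser.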