Re: File permissions for a wiki-like site



Gordon Burditt wrote:
Files are owned by OS users. Anything Apache and PHP can write on
can be written on regardless of the Web user. If you have rules
about what Web user can write on what other Web user's stuff, you
have to write code to enforce it. Web users normally don't have
corresponding OS users.

If you are on a shared host, you may be able to FTP content in using
YOUR OS user but PHP runs as Apache's OS user. The only way to let
both write in the same place is to use mode 777 on directories (unless
they are in a common group, which they usually aren't).

A smart host will make users members of the group owned by the Apache server. Then you can use 660 (or 770 if it's executable) and be accessible by the owner and the web server, but not by other users.

In a hosted setup, it's likely that there is one instance of Apache,
thus this puts all of the users in the same group. This makes 660
or 770 just as much of a threat as 777. The threats are: other
users, admins, and someone coming in through Apache. The admins
and someone coming in through Apache you can't protect against with
file permissions.


Incorrect. There are ways of keeping each website code within it's own directory, i.e. the open_basedir can be set on a per-virtual host (or per-directory) basis. Properly set, PHP will not be able to access files of another website.

You cannot, for example, have multiple instances of Apache listening on
port 80 of a single IP address, and I thought assigning 255 IP addresses
to a single web server went out with browsers that don't understand
HTTP/1.1 and the Host: header.


I didn't say anything about multiple instances on port 80, did I?

There are 65,535 ports available - and all but the first 4096 (0-4095) are available to anyone who wants them. Port 80 just happens to be the default port for the http: protocol.

It would seem, then, that I would want to give rwx permissions for the
content files to that user alone (and myself), not do a chmod 777. Is
that right?
Standard UNIX file permissions don't allow a file to have two owners.

You don't normally want to give x permission to any *file* that a
web application can write on (as distinguished from *directory*,
which needs x permission). x permission is for executables and
shell scripts.


So why not just throw the door wide open to any hacker who could upload to that file and run whatever scripts he wants? :-)

You'd even consider allowing uploads via HTTP?


Sure. Protections can be established.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.