Permisos dso (mod_php) y FTP / Archivo

I'm a bit baffled here. But it might just be my lack of experience.

I have setup PHP DSO (mod_php) and my server runs smoothly and stable. The issue is, though, that in order to run php with includes and everything, I had to set all user account files (/home/*/public_html/*) owner to nobody:nobody.

This introduces two questions for me: - Is this really necessary? I'd rather have them user:user - What about FTP? If I upload files using FTP, they're owned by user:user so they can't be included in another php file (throws errors). Files that are owned by nobody:nobody can't be modified through ftp..

FYI: I also have SuEXEC enabled. Should I disable this?

FYI2: I know I could set all permissions to 777, but that's just wrong.

¡Muchas gracias!

preguntado el 10 de marzo de 12 a las 10:03

Revisa esta respuesta. It's pretty much what I would have answered here. (O esta). -

Thanks, but I switched to DSO from SuPHP because I want to use opcache (eAccelerator). I really need to know what the permissions ought to be. -

In that case you can only have uno distinct user acting out and running PHP. I don't know which distro you're running, but each generally introduces a group (Debian: www-data) under which Apache workers are running. You might want to change the current group Apache is running under (apparently "nobody") to something commonly shared across all users and have the corresponding PHP files set to at least rw-r----- - o 0640. -

1 Respuestas

Ordinary "nobody" should only read executing files, and write/own only files that can be changed by php. Most files owner should be your ftp user.

Bad practice to keep php rights to change executable files.

Also if "nobody" has rights to run as root it provides php (and therefore users) all his rights.

respondido 10 mar '12, 10:03

I don't understand what you're saying. Could you rephrase this? - once59

do you understand, that in most cases php (running as nobody) should only read php-files to run your app? - electronica

Yes. But my question was about qué permissions and owner I have to set on PHP files, not on el cual archivos. - once59

ok, set permissions 644 for php files and switch owner to ftp-user - electronica

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.