dongzhang7157 2010-12-07 15:50
浏览 83
已采纳

对于PHP可以写入的文件夹,Linux上最好的用户/权限设置是什么?

After years of using chmod 777 to solve PHP write permission woes, I want to know the proper way of solving the problem.

I have a website on my server owned by user1 in group user1. There is a folder in this website called uploads.

Normally to get writing with PHP to work, I have to chmod this folder to 777. But I obviously recognise this is dangerous and incorrect, and I want to setup the permissions properly to minimise risk.

From my limited knowledge, I see two options,

  1. I chown the uploads folder so that it's owned by apache. This way, I can just use the default permissions and apache can happily write to the folder.
  2. I add a second group to apache of user1. I then give write permission to the owner and group on uploads, which should allow apache to write to uploads?

My question is, what is the best approach? Is it one of the above or something completely different?

If the best solution is #1, how can user1 also write to uploads over SFTP as that solution will not let them?

  • 写回答

2条回答 默认 最新

  • douchenhui5569 2010-12-07 15:53
    关注

    In my current company, we set the apache group to the group that owns the folder, so you just need to do chmod 770 on the folder to give permissions to that particular group to do funny stuff on that folder.

    However you still to remember to protect your application from malicious user, as the PHP script being run, if sufficiently insecure, can still do damage to the folder.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 不同系统编译兼容问题
  • ¥100 三相直流充电模块对数字电源芯片在物理上它必须具备哪些功能和性能?
  • ¥30 数字电源对DSP芯片的具体要求
  • ¥20 antv g6 折线边如何变为钝角
  • ¥30 如何在Matlab或Python中 设置饼图的高度
  • ¥15 nginx中的CORS策略应该如何配置
  • ¥30 信号与系统实验:采样定理分析
  • ¥100 我想找人帮我写Python 的股票分析代码,有意请加mathtao
  • ¥20 Vite 打包的 Vue3 组件库,图标无法显示
  • ¥15 php 同步电商平台多个店铺增量订单和订单状态