2013-05-13 02:13

Files in the Apache root have 770 permissions but are still viewable

I've seen a lot of questions on here regarding files not being accessible due to permissions with LAMP but nothing about making files unviewable by the http client using permissions.

I have files and folders in my Apache2 root folder that I don't want people to be able to access via their browser or by other external means. I set the permissions to 770, but this doesn't seem to be enough. Do outside users access files as the apache user? I'm running LAMP under Ubuntu Server with few modifications to the defaults, thus my apache user is www-data, group is :www-data, and the apache root is /var/www.

I have a /var/www/_private folder that has 770 permissions and the same permissions on its enclosed files. However, if I access these files through a browser, they are still viewable. Are clients accessing my files as the www-data user? If so, how do I rectify this?

I've worked on hosted setups where setting the "other" permissions to 0 was sufficient for denying outside direct access to files. Do I need to install some extra module to gain this functionality?

Note: I still need my accessible-to-the-client PHP scripts to access these files via includes, fopen, etc...

1 answer

  • dongpangzan6425 2013-05-13 02:19

    Well, right, 770 means that the owner of the file and the group can read, write and execute it. I'm going to guess that Apache is the owner of that file, thus allowing it to access it and open it to the world.

    Instead of modifying the permissions on the server, and possibly causing harm to the accessibility of the file, why don't you use an .htaccess file? It will instruct Apache to take actions in certain instances, like denying access to a file. Simply create the .htaccess file in the root of the website with

    <Files {your file name here}>
    deny from all
    </Files>

    and you'll deny everyone from accessing it with Apache.

    And if you want to deny an entire directory:

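    # <Directory> is only valid in the server or virtual-host configuration, not in .htaccess
    <Directory /var/www/_private>
       Order Deny,allow
       Deny from all
    </Directory>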
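Why mode 770 does not hide the files, as an added example that is not part of the original question or answer: the HTTP client never opens the file itself, the Apache worker does, so the kernel checks the worker's identity against the mode bits. The temporary tree, the file name `config.inc` and the function names are constructed for illustration, and the current user stands in for www-data.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """Return the rwx triplet the kernel applies to this uid/gid set (root bypass ignored)."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7      # owner bits
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7      # group bits
    return st.st_mode & 7                 # "other" bits

def worker_can_read(docroot, relpath, uid, gids):
    """True if a process running as uid/gids can traverse docroot/relpath and read the file."""
    current = docroot
    for part in relpath.split("/"):
        # Every directory on the way down needs the execute (search) bit.
        if not class_bits(os.stat(current), uid, gids) & 1:
            return False
        current = os.path.join(current, part)
    return bool(class_bits(os.stat(current), uid, gids) & 4)  # read bit on the file

def demo():
    """Build a constructed docroot with a 770 _private folder and compare two identities."""
    docroot = tempfile.mkdtemp()
    os.chmod(docroot, 0o755)
    private = os.path.join(docroot, "_private")
    os.mkdir(private)
    secret = os.path.join(private, "config.inc")   # constructed sample file
    with open(secret, "w") as fh:
        fh.write("constructed sample data\n")
    os.chmod(secret, 0o770)
    os.chmod(private, 0o770)
    st = os.stat(secret)
    owner_uid, owner_gid = st.st_uid, st.st_gid    # stands in for www-data:www-data
    other_uid, other_gid = owner_uid + 1, owner_gid + 1  # some unrelated local account
    rel = "_private/config.inc"
    return {
        "mode": stat.filemode(st.st_mode),
        "as_owner": worker_can_read(docroot, rel, owner_uid, {owner_gid}),
        "as_other": worker_can_read(docroot, rel, other_uid, {other_gid}),
    }

if __name__ == "__main__":
    print(demo())
```

The "other" bits only restrict local accounts outside the owner and group; a request served by a worker that owns the file passes the owner check, which is why the block has to come from Apache's access rules or from moving the files outside the document root.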