dongzhang7157 2010-12-07 15:50
浏览 83
已采纳

对于PHP可以写入的文件夹,Linux上最好的用户/权限设置是什么?

After years of using chmod 777 to solve PHP write permission woes, I want to know the proper way of solving the problem.

I have a website on my server owned by user1 in group user1. There is a folder in this website called uploads.

Normally to get writing with PHP to work, I have to chmod this folder to 777. But I obviously recognise this is dangerous and incorrect, and I want to setup the permissions properly to minimise risk.

From my limited knowledge, I see two options,

  1. I chown the uploads folder so that it's owned by apache. This way, I can just use the default permissions and apache can happily write to the folder.
  2. I add a second group to apache of user1. I then give write permission to the owner and group on uploads, which should allow apache to write to uploads?

My question is, what is the best approach? Is it one of the above or something completely different?

If the best solution is #1, how can user1 also write to uploads over SFTP as that solution will not let them?

  • 写回答

2条回答 默认 最新

  • douchenhui5569 2010-12-07 15:53
    关注

    In my current company, we set the apache group to the group that owns the folder, so you just need to do chmod 770 on the folder to give permissions to that particular group to do funny stuff on that folder.

    However you still to remember to protect your application from malicious user, as the PHP script being run, if sufficiently insecure, can still do damage to the folder.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 对于相关问题的求解与代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料