
Is it possible for someone to read or write my .php files on the server if they have world read/write permissions?

Can someone steal or change my PHP files if I have set them to chmod 777?

I have an EC-2 instance and even when I'm logged in as EC2-user I can't change my files if I have set them to chmod 755. I can only make changes to the files when I have set them to chmod 777.


Yes and no. Can anyone who is viewing the files over the net? No. However, anyone with the ability to log on to your machine could change the files (since they are world readable / writable.) In general, this isn't a good practice. I'd advise not permitting more than 775. If you are in a hosted environment, this shouldn't be a problem though.


Actually, everyone here is incorrect, 755 for a file is very wrong.

This means read/write/execute by the owner, and read/execute by the group and everyone else.

Directories should be 755 as the execute bit on a directory means that the user can list its contents, as you obviously can't execute a directory.

Execute does not make sense for webhosting scripts as the execute bit is only interpreted by the shell, not php.

In short, directories should be at most 755 (rwx,rx,rx), and files should be 644 (rw,r,r).

Your files can be stolen in a shared hosting environment very easily if they have global read access to your files.

There are three ways the webhost can be configured with PHP:

  1. As an apache module (all scripts run as the same user regardless)
  2. As a CGI binary in a jail/chroot (may run as the same user, but the files are jailed from the rest of the filesystem, so others can't access them, and you can't access theirs)
  3. Using SuExec or suPHP (php is run as the owner of the website)

If your host is running as a module (1), then your files must be 664 and directories 755, and are readable by everyone on the server.

If your host is running in a jail/chroot (2), then your files probably have to be 664 and directories 755, but they are protected.

If your host is using suExec or suPHP then your php files should be 640 and directories 750, otherwise others can access your scripts. You may even be able to restrict it further to 600, and 700, but apache still needs to read the plain files (not scripts), so you need to take this one step further and make sure the files are owned by you, but in the group the web-server is running as.
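
A way to check a web root against the "in short" baseline from the answer above (files 644, directories 755), written as an added example that is not part of the original answers. The function names, finding labels and demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the 644 (files) / 755 (directories)
# baseline. Labels, function names and the demo tree are constructed here.

# Print "<label> <path>" for each entry whose mode exceeds the baseline.
audit_webroot() {
    # o+w on anything: the chmod 777 case from the question.
    find "$1" \( -type f -o -type d \) -perm -0002 | sed 's/^/world-writable /'
    # Files beyond 644 (any execute bit, or group write) not reported above.
    find "$1" -type f ! -perm -0002 \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 -o -perm -0020 \) |
        sed 's/^/file-over-644 /'
    # Directories beyond 755 (group write) not reported above.
    find "$1" -type d ! -perm -0002 -perm -0020 | sed 's/^/dir-over-755 /'
}

# Reset modes: fix_webroot ROOT [FILE_MODE] [DIR_MODE], default 644 / 755.
# Pass 640 750 for the suExec/suPHP case.
fix_webroot() {
    find "$1" -type d -exec chmod "${3:-755}" {} +
    find "$1" -type f -exec chmod "${2:-644}" {} +
}

# Build a small constructed tree so the script runs offline; prints its path.
make_demo_tree() {
    demo_root=$(mktemp -d) || return 1
    mkdir "$demo_root/uploads" "$demo_root/lib"
    : > "$demo_root/index.php"
    : > "$demo_root/lib/db.php"
    : > "$demo_root/uploads/a.txt"
    chmod 755 "$demo_root" "$demo_root/lib" "$demo_root/lib/db.php"
    chmod 777 "$demo_root/uploads" "$demo_root/index.php"
    chmod 644 "$demo_root/uploads/a.txt"
    echo "$demo_root"
}

tree=$(make_demo_tree)
audit_webroot "$tree"          # reports the three over-permissive entries
fix_webroot "$tree"
echo "findings after fix: $(audit_webroot "$tree" | wc -l)"
rm -rf "$tree"
```

Run the audit on its own first and review the findings before calling `fix_webroot`, since a directory the application writes to (uploads, caches) may need a different owner or group rather than a wider mode.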


They can modify / steal your files if they have access to your server and have a working username / password. chmod 777 lets anyone read and write to your files (as well as execute them).

So, for example, if you're hosting your website on a shared server, other websites running on that server would be able to access your files and modify them, even though they run in a different user context.


Steal? Yep.
If you're not using .htaccess, yeah :)
Why do you use chmod 777?

UPDATE
Anyone can download the file, no?
wget http://xxx.xxx/update.php~ works
