User level of a connecting client through Apache and PHP user permissions

could any one explain how permission levels work when a Client connects to a webpage of my server?

Specifically:

I create a folder in the apache root directory that is owned by Root, So I can read write and execute with a root user.

When a webclient connects to this server, what is the user level of this webclient? Is it开发者_如何学JAVA Nobody? Basically what im getting at is I want to create say a cron folder in my apache root, but I dont want web clients getting into it.

Aside the fact that I should "stick it outside of the webroot" - Is this possible to create a folder that is not browseable by a user through a web browser through file permissions alone?

Another thing I dont get... When a php script is running inside apache.. what user is running that script? - I commonly see allot of talk about chmod'ing a php file to 664 or something along those lines for security... but surely... you want that script to run anyway - or else you wouldnt of made it otherwise.

I know this is kind of 2 questions... my understanding of permissions from a web point of view is kind of confused... I get it from a Linux standpoint, but as soon as it goes web.. I get confused.

Maybe just an overview of permission with regards to apache and scripts... I dont need a deep understanding - just enough to be able to do things the safe correct way. Maybe an example of why you would change a scripts permissions or owner in the apache root?

Cheers all you super smart guys!

Generally speaking, Apache (which is the httpd server which executes PHP, when answering HTTP requests) runs with a user which doesn't have much privileges.

This user is generally called either www-data or nobody, depending on your Linux distribution.

If you want a directory that cannot be accessed by that user, and can be accessed by root, a possibility would be to make sure that :

• This directory belongs to root
• Its rights are rwx------ (i.e. only the user it belongs too has rights)