require_once(../../path/to/script.php) failed to open stream permission denied
See an example here: http://mattpotts.com/portal/
I put an includeme.htm
in each directory on the required path to find the point of failure. It works fine on my local machine (windows) with the same directory structure but fails on my remote (linux) server.
Directory structure:
+-firefli/ drwx--x--x
+-private_html/ drwx------
+-foo/ drwxr-xr-x
+-bar/ drwxr-xr-x
+-portal/ drwxr-wr-w
+-public_html/ drwxr-wr-w
+-foo/ drwxr-wr-w
+-portal/ drwxr-wr-w
The permissions confirm that it's the private_html
directory causing the trouble. Hopefully you can see the purpose of the directory structure, I don't know if it's a common way of doing things but it works for me. Well, until now.
I've 开发者_如何学运维gone a very long way around asking it but my question is simply this: is there anything wrong with setting private_html
to be drwxr-xr-x
? Given that I do not want it to be accessible via the web. But the permissions shouldn't do that should they? Because it's apache making the public_html
directory accessible via http.
You shouldn't need to block out web users with folder/file permissions on private_html, as it's outside the web root. As you say, web users can only get to stuff in public_html
For future debugging speed, if you have a relative web path you can convert it to a real path using realpath:
$path = realpath('../../private_html');
// $path is now /public_html/foo/private.html or whatever
Well, if you have set up your DocumentRoot
correctly to point to public_html
, it won't be accessible from the web, no matter what permissions you put on it.
The Private HTMl is not accessible from the web without you putting in a .htaccess file that would redirect it. If you don't know what that means/how to do that, you are safe.
You should be fine setting these permissions to whatever your script needs.
what are the user:group
for private_html
? The web server needs to be either a member of the group or the owner of the file. In order to read the directory contents the dirctory needs to have the execute
permission for the webserver to open it. Essentially they should have the same user:group
as public_html
. You just want to disallow the write
permission. tot he webserver. If you have set your document root to public_html
private_html
is not accessible via the web no matter what the permissions. Also, i always use realpath
on the path arguments to and file operation.
精彩评论