PHP/CHMOD Questions

I am working on a PHP based website. In the admin there 开发者_如何学Cis a section that checks a form field and based on the field looks for a folder on the server. This folder will be in a sub-directory. If it does not exist it needs to be created. After that, previously existing or not, PHP will write file to the folder.

These folders will hold images and PDF files that will be viewed and/or downloaded on the main site.

Here is an example directory structure: merchants/east/user123 In the above merchants and east would definitely exist and user123 may exist or otherwise be created.

Given that info my questions are about folder permissions.

• What should folders be set to for the best security.
• Should I open them up wider during operations then chmod them (in PHP) after I'm done to something more secure?
• What should upper level folders be set to?

770 would be a safe bet for the files. Setting it to that would disallow any public access. I would implement some sort of document delivery system in PHP. PHP will be able to access the non-public files and then send them to the user.

The upper level folders could be set to the same.

Update

As others have said, you can easily chmod them to 600 without any issues. That's the more secure way of handling it (prevents other users on the system from accessing the files). It also omits "execute", which isn't needed for file reading anyway. It's my personal practice to leave the extras in unless there's a defined reason not to.

The upper level folder would need to have read, write and execute permissions for the apache user., the top level folder could be owned by apache, and have permissions like 755 to allow the the webserver to read, write and list files.

You might think about permissions 750 or 700 if you are particularly concerned about other local users or services on the web server from seeing the files in this directory.

For file permissions: 644 or 600 as conventionally they do not need execute permission.

A nice compromise might be to use 750 for directories and 640 for files with owner set to apache, and change the group (chgrp) so that the group for the file allows access to the user that you normally edit the website files with.

I can't think of any significant advantage of the php script increasing and then reducing the permissions.

I think you should consider @chunk's comment about keeping the uploaded files own of the public html directory completely, and serving them back via an file delivery script. Otherwise you would need some careful validation of the content of the files and to tightening up the apache configuration for that particular directory - perhaps using some mimetype checking to make sure that the files really are docs and pdfs.