开发者

Www-data User to Access files/folder outside of /var/www/

问答 作者:

Ok, is there a way for the PHP开发者_StackOverflow user (www-data) to gain access to other parts of the server, for example, /home/username/another_folder/ ?? Thanks in Advance.

Will

EDIT: Do I just add www-data to another group?? Or something like that, or is there another way?

You can create another group and add the www-data (if your webserver runs under www-data user) to this group, then assign this group to all those files you want to be accessible.

Or if you just need the read permission, and it is not an issue that other users on the system have read access to your files, then just change permissions of your files (in other places) to have the read permission for other. For example, 775 for your directories and 644 for your files.

Remember that you can not serve pages in places other than your Document Root (for example /var/www), even though your webserver user has the permissions to access those files.

However if you configure "aliases" or "virtual hosts" for your web server, you can make places other that your default document root, accessible by HTTP requests.

But PHP files that are under your document root and executed by the web server, CAN read contents of files outside the document root IF the web server user has enough permissions.

// file permissoins
/tmp/shared_by_all.txt -> 644
/home/user1 -> 751 or 755
/home/user1/shared_by_all.txt -> 644
/home/secureuser -> 750
/home/secureuser/myfile.txt -> 640 (or even 644 because of the containing directory permissions, other can not even enter the directory tree. so file is not accessible)


// file: /var/www/read_file.php
<?php
    echo file_get_contents('/tmp/shared_by_all.txt'); // ok!
    echo file_get_contents('/home/user1/shared_by_all.txt'); // ok!;
    echo file_get_contents('/home/secureuser/myfile.txt'); // fail!;
?>

You could change the group ownership (chgrp) of your folder to www-data (if www-data is its own group.)

You could change the user ownership of that folder (chown) and chmod it so that multiple users can access it. (Like farzad said)

You could create a group ("me_and_web") whose only members are "username" and "www-data", and chgrp -R me_and_web /home/username/another_folder

继续阅读:accessibilityphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9