[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] PHP permissions
- Subject: Re: [cobalt-users] PHP permissions
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Fri May 18 12:23:57 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Utopia Research Dept" <research@xxxxxxxxxxxxx> wrote:
> I'm trying to get a hit counter working.
>
> The script needs an empty file "count.dat". Which I have created "touch
> count.dat" .
>
> My problem is the file does not have permission to be written to I get
> error:-
>
> Warning: fopen("./count.dat","w") - Permission denied in
> /home/sites/home/web/ip_1.php on line 37
>
> What permission does it need ?
Unless you're running PHP as a CGI it runs as the same user Apache runs as.
So that user needs permissions. So the file needs to be world writable 002
(006 if you also want to be able to read from the file) and the directory
it's in needs to be world-writable. This is a potential security hole so
proceed with caution. If you're capable of installing PHP, I find a better
solution is to install it as a CGI stand-alone copy, configure this copy
with a different file extension (I use .phpc) and use the scripts as you
would a Perl CGI. The CGI file will run with permissions of the owner of
the file so you can make it owned by whoever you want and make the output
file have the same owner and there are less security issues. Plus you'll
have a CGI install of PHP that you can use for shell scripting and running
scripts independently of the web server (nice from CRON jobs, scripts that
run when emails are received, etc.).
> Me script works fine on good ol' win 2k server with php4 onboard.
That's a different beast. Different rules apply.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/