  1. #1

    suPHP - 600 permissions mess up css/images

    Hi all,

    I'm using suphp to secure a shared web hosting server and am confused about one issue I'm having. It is my understanding that using suphp, you should be able to chmod 755 all directories and chmod 600 all files since apache runs the .php files as the user.

    However, when I chmod 600 all files, the formatting of the sites gets messed up. It loses all css and if you try to view image files in the browser you get a permission denied error. Why is that?

    As a temporary solution, I can chmod 644 all files and then 600 only sensitive files like config files (wp-config.php for WordPress for example), but I'd rather just chmod 600 everything.

    Can anyone explain why 600 doesn't work?

    With 644 permissions, any user could upload a script like:

    $filename = realpath("/home/user/public_html/wp-config.php");
    $handle = fopen($filename, "r");
    $contents = fread($handle, filesize($filename));
    echo '<textarea name="textareaName" rows="46" cols="103">'.$contents.'</textarea>';
    and view another user's file if it is 644.

    Thanks a lot for the help.

  2. #2

    Change ownership of files to user.user and permissions to 755 recursively.

    chmod 755 /directory path -R

    chown user.user /directory path -R

    600 does not allow group to write or read.

    If PHP is running as DSO

    Change ownership recursively to user.nobody and permissions to 755 recursively.

  3. #3
    Using 600 permissions would only be for PHP files.

    Apache still runs as nobody (or some other user) and needs the other user bit to be set to read.

    would be read as the Apache user, nobody, and would therefore need to have permissions of 644. The last 4 in that set is for the other or world bit, stating 4 here means that other users (i.e. not the owner of the file or the group owner of the file) can read the file. This is what is required for HTML, CSS, and Image files.

    is a PHP file. In a suPHP environment, this means that access to this file is passed over to the suphp wrapper, which executes the file as the defined suPHP_UserGroup user defined in your Apache configuration (after some sanity checks to make sure that owner really owns the file). For this reason, PHP files can have permissions of 600 and be viewable on the web.

    In practice though, there's really probably no need to have every PHP file set to 600 level permissions. You should use 600 level permissions for any script that contains any type of login information, such as MySQL database login information. This may only be in one file when talking about a PHP project such as WordPress.
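
The permission split described in reply #3, as an added example that is not part of the original thread: directories 755, PHP files 600 (read only by suPHP running as the owner), and static files 644 (read by Apache). The function names and the constructed sample docroot are hypothetical, and PHP files are assumed to be identified by the `.php` extension alone.

```shell
#!/bin/sh
# Added example. Assumes suPHP executes *.php as the file owner and Apache
# reads static files as a different user (e.g. nobody).

# List PHP files under $1 that group or other users can read.
audit_php_readable() {
    find "$1" -type f -name '*.php' \( -perm -040 -o -perm -004 \) -print
}

# Directories 755 (Apache must traverse them), *.php 600 (only the owner,
# i.e. suPHP, reads them), everything else 644 (CSS, images, HTML, .htaccess).
harden_docroot() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -name '*.php' -exec chmod 600 {} +
    find "$1" -type f ! -name '*.php' -exec chmod 644 {} +
}

# Build a constructed docroot in the "chmod 644 everything" starting state
# and print its path.
make_sample_docroot() {
    sample_dir=$(mktemp -d) || return 1
    mkdir -p "$sample_dir/public_html/css"
    : > "$sample_dir/public_html/wp-config.php"
    : > "$sample_dir/public_html/index.php"
    : > "$sample_dir/public_html/css/style.css"
    : > "$sample_dir/public_html/.htaccess"
    find "$sample_dir/public_html" -type f -exec chmod 644 {} +
    echo "$sample_dir/public_html"
}

demo() {
    demo_root=$(make_sample_docroot) || return 1
    echo "PHP files readable by other users before:"
    audit_php_readable "$demo_root"
    harden_docroot "$demo_root"
    echo "PHP files readable by other users after:"
    audit_php_readable "$demo_root"
    rm -rf "$(dirname "$demo_root")"
}

demo
```

Run `audit_php_readable` against a real account's docroot first to see which PHP files would change before applying `harden_docroot`.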

  4. #4
    Thanks guys. The fact that files other than php files wouldn't be read as the user escaped me. duh. Thanks for the help!

  5. #5
    Well written, SPaReK..