PHP 脚本/目录的权限是什么? [英] What permissions for PHP scripts/directories?
问题描述
我正在尝试帮助一位朋友将网站从一家网络酒店转移到另一家.老地方已经关门了,我只有一个简单的 tar 文件,里面有什么.
I am trying to help a friend moving a web-site from one web-hotel to another. The old place is already closed, I have only a flat tar file of what was in it.
该网站包含 HTML 文档,您可以下载一个小 Java 应用程序(可加载到手机上)将数据发送到该网站.
The web site contained HTML docs and one could download a little Java application (to be loaded on mobile phone) to send data to the web site.
移动 Java 应用程序向 URL= 发送了一个字符串.这个 php 脚本包括另一个 php 脚本 (../inc/db_login.php),它使用 $link=mysql_connect() 连接到 SQL DB.另一个文件 register.php 执行 SQL 插入操作,以便将新发送的数据放入数据库中.
The mobile Java application sent a string to URL=<HOST>/php/register.php. This php script included another php script (../inc/db_login.php), which connected to a SQL DB using $link=mysql_connect(). Another file, register.php, did the SQL insert for putting the new sent data in the DB.
我的问题基本上是,我应该把这 2 个 PHP 文件放在新网站上的什么位置以及目录和文件应该有什么权限?
My question is basicaly, where I should put this 2 PHP files on the new website and what permissions the directories and files should have?
旧的 Web 服务器显然有 /php 和 /inc 目录.这些都不存在于新的网络服务器上.我应该创建它们吗?他们应该得到什么许可?我想将密码放在单独的 PHP 文件中的原因是安全性./php 和 /inc 目录可能有不同的权限.
The old web server obviously had a /php and /inc directories. None of these exists on the new webserver. Should I create them? What permission should they have? I guess the reason for having the password in a separate PHP file was security. The /php and /inc directory probably had different permissions.
新服务器有目录:
/httpdos/httpsdos/cgi-bin/conf(还有一些可能不相关的)
/httpdos/httpsdos/cgi-bin/conf(and some others probably irrelevant)
我的问题
文件扩展名 (
.php) 是否对服务器有意义:因为 PHP 脚本包含"在 HTML 代码中(在,服务器需要看文件后缀还是不相关?(我理解服务器对的反应,当然)
Does the file-extension (
.php) mean something to the server: as PHP scripts are "included" in HTML code (between<?...?>, does the server need to look at the file suffix or is it irrelevant? (I understand that the server reacts on the<?...?>, of course)
应该将公共文件(在我的情况下为 register.php)放在 httpdocs/ 目录中还是服务器(我认为是 apache)对一些东西并在另一个目录中获取它?
should the public file (register.php in my case) be placed in the httpdocs/ directory or does the server (apache I think) reacts on something and fetches it in another directory?
PHP脚本是否应该有权限RX(读取和执行)、--X(执行)或R--(读)?从操作系统的角度来看,我猜 apache 只是在读取这些文件,这意味着它们应该是 R--,但这意味着如果 PHP 服务停止",客户端将获取所有 PHP 代码他的浏览器(?).我更喜欢它是 --X 但因为它既不是二进制也没有 #!,我想它一定是 --R?
Should the PHP script have permission R-X (read and execute), --X (execute) or R-- (read)? From a OS perspective I guess apache is just reading this files, meaning that they should be R--, but this would mean that if PHP service is "stopped" the client would get all the PHP code in his browser(?). I would prefer it being --X but as this is neither a binary nor has a #!, I guess it must be --R?
如果公共 PHP 脚本可以放在另一个目录中(例如 /php 而不是 /httpdocs)应该 /php(和脚本)有权限吗?.我猜服务器必须知道这个 /php 目录(或者是否有通常的默认值?)
If the public PHP script can be placed in another dir (e.g /php instead of /httpdocs) what should /php (and the script) have for permission?. I guess the server has to know about this /php directory (or are there usual defaults?)
包含的 PHP 脚本(../inc/db_login.php,包含 SQL 密码)不应该在 /httpdocs 下,我猜.这意味着我的 register.php 包含一个不在 /httpdocs 子树下的文件.这行得通吗?服务器需要知道吗?
The PHP script included (../inc/db_login.php, containing SQL password) should not be under /httpdocs I guess. This means that my register.php is including a file which is not under the /httpdocs subtree. Does this work? Does the server need to know?
我知道您可能需要了解服务器配置.只需假设您的答案中的默认值(如果它是,您可以告诉它在哪里更改).
I understand you may need to know the server configuration. Just assume the default in your answer (and you can tell where it is changed if it is).
推荐答案
目录必须具有执行权限才能使用.通常这是0755.通过 mod_php 运行的 PHP 脚本不会被执行,而是被读取;0644 就足够了.必须写入的目录需要由运行 Web 服务器的用户拥有.可能还有其他关于权限的问题,例如SELinux,但以上内容将使您了解基础知识.
Directories must have execute permissions to be usable. Usually this is 0755. PHP scripts run via mod_php are not executed but rather read; 0644 will suffice for this. Directories that must be written to need to be owned by the user the web server is running as. There may be additional concerns regarding permissions, e.g. SELinux, but the above will get you through the basics.
其他用户或外部客户端不得访问的文档应为 0600,归网络服务器用户所有,并位于 DocumentRoot 之外.请注意,在安全模式下运行 mod_php 将阻止脚本包含 DocumentRoot 之外的任何内容;一个可悲的缺陷.
Documents that must not be accessed by other users or external clients should be 0600, owned by the web server user, and located outside the DocumentRoot. Note that running mod_php in Safe Mode will prevent scripts from ever including anything outside the DocumentRoot; a lamentable flaw.
这篇关于PHP 脚本/目录的权限是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
