Www-data User to Access files/folder outside of /var/www/


Question

Ok, is there a way for the PHP user (www-data) to gain access to other parts of the server, for example, /home/username/another_folder/ ?? Thanks in Advance.

Do I just add www-data to another group?? Or something like that, or is there another way?

Recommended answer

You can create another group and add the www-data (if your webserver runs under www-data user) to this group, then assign this group to all those files you want to be accessible.

Or if you just need the read permission, and it is not an issue that other users on the system have read access to your files, then just change permissions of your files (in other places) to have the read permission for other. For example, 775 for your directories and 644 for your files.

Remember that you can not serve pages in places other than your Document Root (for example /var/www), even though your webserver user has the permissions to access those files.

However, if you configure "aliases" or "virtual hosts" for your web server, you can make places other than your default document root accessible by HTTP requests.

But PHP files that are under your document root and executed by the web server, CAN read contents of files outside the document root IF the web server user has enough permissions.

// file permissions
/tmp/shared_by_all.txt -> 644
/home/user1 -> 751 or 755
/home/user1/shared_by_all.txt -> 644
/home/secureuser -> 750
/home/secureuser/myfile.txt -> 640 (or even 644 because of the containing directory permissions, other can not even enter the directory tree. so file is not accessible)


// file: /var/www/read_file.php
<?php
    echo file_get_contents('/tmp/shared_by_all.txt'); // ok!
    echo file_get_contents('/home/user1/shared_by_all.txt'); // ok!
    echo file_get_contents('/home/secureuser/myfile.txt'); // fail!
?>
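
The permission listing above hinges on the search (x) bit of every parent directory, not only on the file's own mode. The following is an added example, not part of the original answer: a shell check that walks a path upward and reports which component stops "other" from reading it. The function names and the scratch-directory sample are hypothetical; it assumes GNU `stat`, no ACLs, and that www-data is neither owner nor group member of any component.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes GNU stat, no ACLs,
# and that www-data is neither owner nor in the group of any path component,
# so only the "other" permission digit decides. Run as the owner or root.

# Print the last octal digit of a path's mode (the "other" triplet).
other_bits() {
    mode=$(stat -c %a "$1") || return 2
    printf '%s\n' "${mode#"${mode%?}"}"
}

# other_can_read FILE [TOP]: walk from FILE up to TOP (default /) and report
# the highest path component that stops "other" from reading FILE.
other_can_read() {
    file=$1 top=${2:-/} blocked=
    bits=$(other_bits "$file") || return 2
    case $bits in 4|5|6|7) ;; *) blocked=$file ;; esac    # needs r on the file
    dir=$(dirname "$file")
    while :; do
        bits=$(other_bits "$dir") || return 2
        case $bits in 1|3|5|7) ;; *) blocked=$dir ;; esac # needs x on each dir
        if [ "$dir" = "$top" ] || [ "$dir" = / ] || [ "$dir" = . ]; then break; fi
        dir=$(dirname "$dir")
    done
    if [ -n "$blocked" ]; then echo "blocked: $blocked"; return 1; fi
    echo ok
}

# Constructed sample: recreate the answer's layout under a scratch directory.
build_sample_tree() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/home/user1" "$t/home/secureuser"
    echo data > "$t/home/user1/shared_by_all.txt"
    echo data > "$t/home/secureuser/myfile.txt"
    chmod 755 "$t" "$t/home"
    chmod 751 "$t/home/user1"
    chmod 750 "$t/home/secureuser"
    chmod 644 "$t/home/user1/shared_by_all.txt" "$t/home/secureuser/myfile.txt"
    echo "$t"
}

# Usage: sh check.sh /home/user1/shared_by_all.txt
if [ $# -gt 0 ]; then other_can_read "$@"; fi
```

Running this check before widening any mode shows which single directory or file actually needs changing, which helps avoid granting "other" more access than the PHP script requires.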
