| |
|
|
|
|
|
Purchase AutoTheme |
 |
|
|
Spidean Forums
You are not logged in | | |
|
|
|
mazsalleh
Senior Member   Posts: 149 Registered: 1/31/2004 Status: Offline
|
posted on 3/7/2006 at 12:47 PM |
I'm dealing in the last days with some problems, as my host decided to use
phpSuexec and with this my write permissions are changed.
Here is a little writeup about phpSuexec:
quote:
On most Apache
servers, PHP runs as an Apache Module. As such, it runs directly in the
user Nobody, but doesn't require the execute flag.
This means that in order to execute a PHP file, it simply needs to be world
readable.
The problem is that this allows every other users on the server to read
your PHP files !
Allowing other users to read your HTML files is not a problem, since they
can be displayed in Internet Explorer. However, PHP files are not readable,
they are parsed.
Many scripts use a PHP file to store a database username and password. This
means that on another server every client could read your PHP files,
retrieve your password and access your databases.
PHPsuexec executes PHP scripts under your username.
As such, instead of using everyone's permissions it uses the owner's
permissions.
You can thus change the permissions of your PHP scripts to : 0700 or 0400
and still be able to read and execute them. However, these scripts will no
longer be accessible to any other users.
In fact, PHPsuexec will refuse to execute a script if it is world-writtable
to protect you from someone abusing one of your scripts.
the only required permission is owner-read (0400), but if you need to write
to that file, you need to also enable the owner-write permission ( 0600 ).
it is recommended that all PHP files to have either permission 0400 or
0600.
The execute permission is never required, and the group and everyone
permissions can be left to 0.
To add complexity to the issue, PHPsuexec, also validates the directories
in which PHP files are located.
A PHP file cannot be execute in a directory that is group-writtable or
world-writtable.
However, in order to access a directory, it must be world-executable, which
is safe to do.
As such, directories containing PHP files should have permissions 0755 or
0555.
So if I take a look at this, does it means I don't need to give any write
permissions to autotheme.cfg, theme.cfg ?
____________________
Carl
MazDev.com
Fishing & Boat trips at the isle Langkawi - Malaysia
|
| |
| |
Shawn
Administrator   Posts: 4536 Registered: 10/7/2002 Status: Online
|
posted on 3/7/2006 at 09:30 PM |
They will need to be writable by your user. So just assuming that your
username and group on the server are 'mazsalleh', then the perms should at
least be -rw------- and possibly -rw-rw----
Easiest way from shell is:
chown mazsalleh:mazsalleh autotheme.cfg
chmod ug+rw autotheme.cfg
-Shawn
[Edited on 3/8/2006 by Shawn]
|
| |
|
|
| |
AutoTheme is an HTML Theme System currently supporting the Zikula, PostNuke, PHP-Nuke, MD-Pro Content Management Systems (CMS) and derivative Nukes, osCommerce and CRE Loaded shopping carts and the Wordpress blog.
PHP-Nuke Themes, PostNuke Themes, Zikula Themes, WordPress Themes, osCommerce Templates, CRE Loaded Templates, osCommerce Themes, CRE Loaded Themes
Copyright © 2002-2008 Shawn McKenzie and Spidean. Content on this site may not be reproduced in any form without prior written consent.
Syndicate our news | Google Sitemap
Terms of Use | Privacy Policy | Credits
   
  |
|
Page created in 0.268619 Seconds
|
Printer Friendly Page
