php file in document root with owner and group as root getting accessed by browser

user3488030 Source

I am confused with file permission and their uses by Linux.

Web server : Apache, OS : Ubuntu 16.04 LTS

I have a file test.php in /var/www/html/ folder with permissions 644 and owner and group as root. Now, this files does some internal routine work related to database, i.e. it interacts with database and this file is executed through cron job. Now, when I requested for this file through browser by putting www.example.com/test.php, then, to my surprize, the file got executed and did all the job with the database.

Now, here I have some points of confusion.

  1. test.php file was compiled and executed, and for its execution I should set execute bit in the permission, which was not set actually.

  2. When browser requested the file, it sent the request to apache, which is www-data user and this user executed this file. But the owner and group of the file was root. Also, other users except file owner and group have only read permission, then how was it executed.

Note : Even when I gave permission as 000 with root as owner and group then also file got executed when requested through browser.

phplinuxapache

Answers

answered 11 months ago MikeSouto #1

files 664 and folder 755 and user and group www-data.

$ sudo chown -R www-data:www-data /var/www  
$ sudo chmod -R 755 /var/www

And test to http://localhost/test.php

I user my personal user, then add my user to group www-data and change permission to folder 775 and filers 664. and owner personaluser:www-data

$ sudo usermod -aG www-data personaluser
$ sudo chown -R personaluser:www-data /var/www  
$ sudo chmod -R 775 /var/www

www-data is a user/group that run the apache. So www-data execute (Interpreter ) the code.

For access with domain "example.dev" or other you have use a virtualhost. Check this: https://www.digitalocean.com/community/tutorials/como-configurar-virtual-hosts-de-apache-en-ubuntu-16-04-es

comments powered by Disqus