Apache: difference between chmod 644 and chmod 666 and chmod 600 for output/txt/dat?

frenchn00b · 04-22-2009, 02:47 AM

Hello,

What is the difference between chmod 644 and chmod 666 and chmod 600 for output/txt/dat on website/apache server?
Little confused, in terms of security, and for board / messages... ?

Quote:

Permissions
u - User who owns the file.
g - Group that owns the file.
o - Other.
a - All.
r - Read the file.
w - Write or edit the file.
x - Execute or run the file as a program.

Numeric Permissions:
CHMOD can also to attributed by using Numeric Permissions:

400 read by owner
040 read by group
004 read by anybody (other)
200 write by owner
020 write by group
002 write by anybody
100 execute by owner
010 execute by group
001 execute by anybody

Best regards

Guttorm · 04-22-2009, 05:10 AM

Hi

The files always have an owner. If the file is written by the web-server, the owner will be www-data or similar.

600 : Only owner can read/write
644 : Only owner can write, others can read
666 : All uses can read/write.

frenchn00b · 04-22-2009, 07:02 AM

Quote:

Originally Posted by Guttorm

Hi

The files always have an owner. If the file is written by the web-server, the owner will be www-data or similar.

600 : Only owner can read/write
644 : Only owner can write, others can read
666 : All uses can read/write.

I chmoded 600 on a website and if you hit the direct link/url, people (world) can read that txt file.

And why fput (php) says it is better to be 666 than 644, since 644 is working too.

Code:

   $file = fopen("usernamefile.txt","w");
    fputs($file,$_POST[name]);
    fclose($file);

works with a chmod 644.

Guttorm · 04-22-2009, 08:02 AM

Well, the web-server is the owner of the file then, and then only the first digit matters.

frenchn00b · 04-22-2009, 10:46 AM

Quote:

Originally Posted by Guttorm

Well, the web-server is the owner of the file then, and then only the first digit matters.

I still dont understnd why people want something un-secured,
I quote this:

Quote:

5. Make sure file test.txt inside "logs" folder is writable by PHP scripts. On Unix (Linux) servers CHMOD this file to 666 (rw-rw-rw-).
That's it. To test if PHPGCounte works fine open graphcount.php?page=test in your browser, for example:

Guttorm · 04-22-2009, 12:58 PM

Well, that's a different question. Usually www-data does not have many privileges, while other accounts on a web server have a lot more. So preventing e.g. you to read/write the file, does not add much to security. You could of course chown, then chmod it 600, but that's more like securing the web server from you.

H_TeXMeX_H · 04-22-2009, 01:10 PM

I don't use the numerical permissions, they are rather obscure. Just use the regular ones, that way you know exactly what you are doing.