require_once(../../path/to/script.php) failed to open stream permission denied

Question

See an example here: http://mattpotts.com/portal/

I put an includeme.htm in each directory on the required path to find the point of failure. It works fine on my local machine (windows) with the same directory structure but fails on my remote (linux) server.

Directory structure:

+-firefli/                 drwx--x--x
  +-private_html/          drwx------
    +-foo/                 drwxr-xr-x
    +-bar/                 drwxr-xr-x
    +-portal/              drwxr-wr-w
  +-public_html/           drwxr-wr-w
    +-foo/                 drwxr-wr-w
    +-portal/              drwxr-wr-w

The permissions confirm that it's the private_html directory causing the trouble. Hopefully you can see the purpose of the directory structure, I don't know if it's a common way of doing things but it works for me. Well, until now.

I've gone a very long way around asking it but my question is simply this: is there anything wrong with setting private_html to be drwxr-xr-x? Given that I do not want it to be accessible via the web. But the permissions shouldn't do that should they? Because it's apache making the public_html directory accessible via http.

Answer 1

Well, if you have set up your DocumentRoot correctly to point to public_html, it won't be accessible from the web, no matter what permissions you put on it.

The Private HTMl is not accessible from the web without you putting in a .htaccess file that would redirect it. If you don't know what that means/how to do that, you are safe.

You should be fine setting these permissions to whatever your script needs.

Answer 2

You shouldn't need to block out web users with folder/file permissions on private_html, as it's outside the web root. As you say, web users can only get to stuff in public_html

For future debugging speed, if you have a relative web path you can convert it to a real path using realpath:

$path = realpath('../../private_html');
// $path is now /public_html/foo/private.html or whatever

Answer 3

what are the user:group for private_html? The web server needs to be either a member of the group or the owner of the file. In order to read the directory contents the dirctory needs to have the execute permission for the webserver to open it. Essentially they should have the same user:group as public_html. You just want to disallow the write permission. tot he webserver. If you have set your document root to public_html private_html is not accessible via the web no matter what the permissions. Also, i always use realpath on the path arguments to and file operation.