I am trying to set up automated .htaccess updating. This clearly needs to be as secure as possible, however right now the best I can do file permission-wise is 666.

What can I do to set up either my server or PHP code so that my script's fwrite() command will work with 644 or better? For instance, is there a way to set my script(s) to run as owner?

A: 

You can't change the process's owner. If you're on a shared server, see if they have suPHP as an option.

webbiedave
+1  A: 

The apache process should always run as apache:apache - if you must enable write permissions in executable (i.e. DocumentRoot) directories, create a group, add apache and set group write permissions (so 664).

It's best to have .htaccess updated by a cron script reading config data from a database, as giving apache write permissions to executable directories is frowned upon in case a vulnerability in your code allows a malicious user to write new files to those directories.

Andy
+1 for cron. But if he's on a shared server, setting apache to the group will pretty much put his files at 99% of the original risk.
webbiedave
I'm not too familiar with using cron jobs... would I be able to have the cron script execute when an administrator hits an "Update .htaccess" button on my php page for instance? Or can they only be set to execute at timed intervals like every hour, day, month, etc.? I am on a dedicated host btw.
filip
Yep, cron is a "time-based job scheduler". You can set the cron to run every minute (or two) and check for an entry in a db table with either an instruction code (safer) or the actual code to put in `.htaccess` (less safe). cron examples: http://en.wikipedia.org/wiki/Cron
Andy
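
The cron approach discussed in this answer and its comments, as an added example that is not code from any poster in the thread: the PHP page only inserts an instruction code into a queue table, and a worker run from the file owner's crontab validates each code and rewrites `.htaccess` with mode 644. The table name `htaccess_queue`, the two instruction codes and the use of an `sqlite3` connection as the database are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile

def _block_ip(arg):
    # ip_address() accepts only one literal address, so a newline or an
    # extra directive smuggled into arg raises ValueError.
    return f"Deny from {ipaddress.ip_address(arg)}"  # Apache 2.2-style syntax

def _no_indexes(arg):
    if arg:
        raise ValueError("DISABLE_INDEXES takes no argument")
    return "Options -Indexes"

# Whitelist (constructed): instruction code -> renderer. No raw text accepted.
RENDERERS = {"BLOCK_IP": _block_ip, "DISABLE_INDEXES": _no_indexes}

def init_queue(conn):
    conn.execute("CREATE TABLE IF NOT EXISTS htaccess_queue (id INTEGER PRIMARY KEY,"
                 " code TEXT, arg TEXT, status TEXT DEFAULT 'pending')")

def process_queue(conn, path):
    """Validate pending rows, then rebuild path from every applied row."""
    pending = conn.execute("SELECT id, code, arg FROM htaccess_queue"
                           " WHERE status = 'pending' ORDER BY id").fetchall()
    if not pending:
        return 0  # nothing requested since the last cron run
    for row_id, code, arg in pending:
        try:
            RENDERERS[code](arg)
            status = "applied"
        except (KeyError, ValueError):
            status = "rejected"  # unknown code or bad argument never reaches the file
        conn.execute("UPDATE htaccess_queue SET status = ? WHERE id = ?",
                     (status, row_id))
    applied = conn.execute("SELECT code, arg FROM htaccess_queue"
                           " WHERE status = 'applied' ORDER BY id").fetchall()
    lines = ["# generated by cron worker; do not edit"]
    lines += [RENDERERS[code](arg) for code, arg in applied]
    # Write a temp file in the same directory, then rename atomically so
    # Apache never reads a half-written .htaccess.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(tmp, 0o644)  # owner-writable only; Apache just needs read access
    os.replace(tmp, path)
    conn.commit()
    return len(applied)
```

Because the worker runs as the file's owner rather than as the Apache user, the web process needs write access only to the queue table, not to the DocumentRoot.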