[kwlug-disc] Ubuntu 11.04 and LAMP :: Problems w/PHP $_POST and $_SESSION

John Van Ostrand john at netdirect.ca
Mon May 16 14:44:46 EDT 2011 

----- Original Message -----
> While crawling through the tubes to php.net, exploring php
> configuration
> settings and defaults I realized that my permissions might be wonky.
> 
> Let's say that my PHP test app using both $_POST and $_SESSION data is
> in the directory /var/www/testapp
> 
> $ sudo chmod 777 /var/www/testapp
> 
> FF browser> http://localhost/testapp/
> 
> worked with transitions between various pages and moving data between
> then in $_POST and $_SESSION
> 
> IE browser> http://<insert-ip-address-here>/testapp/
> 
> from the WinX machine brought up the testapp but w/problems with
> moving
> data around in $_POST and $_SESSION
> 
> Maybe chmod 777 is dangerous and 655 might be a better choice (once
> the
> issues w/'net access to the testapp data are solved)
> 
> But I think I am on the right track.

If permissions are your problem you can easily solve that with the proper permissions. Apache (httpd is the process) will be running as a specific user and group (on Fedora it´s apache for both). Look for the "User" and "Group" configuration in your httpd.conf file or other httpd configurations.

You have two simple choices. Allow global read permissions (chmod -R a+r /var/www/testapp) or be specific by setting apache as the group and setting permissions for the group and restricting permissions for others. This depends largely what else the server is exposed to (other users, other applications, other open ports for example.) If there are passwords embedded in your PHP scripts (like mysql logins for example) you might want to restrict the permissions as much as possible.

Keep in mind that directories are treated differently than files. Files only need the 'x' (execute) permissions if you want to run them via an exec call (like a command line.) Through apache, PHP scripts do not need to be executable, but CGI scripts do (those will most likely be in /cgi-bin/). The directories need 'x' because it allows listing the directory. 

To set both quickly try this:

# Set directory perms
find /var/www/testapp -type d | xargs chmod 0755
# Set file perms
find /var/www/testapp \! -type d | xargs chmod 0644

Or more restrictive, add this:
find /var/www/testapp \! -type d | xargs chgrp apache
find /var/www/testapp \! -type d | xargs chmod 0640

-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware

More information about the kwlug-disc mailing list