Re: Deny Access To configuration file using php scripts

From: John Georgelas (jgeo_at_solsec.net)
Date: 03/03/05

  • Next message: Server Administration: "Re: Deny Access To configuration file using php scripts"
    Date: Thu, 03 Mar 2005 20:36:44 +0000
    To: raT <ratmole@gmail.com>
    
    
    

    raT, and others:

    I've had the same concern as raT (except I don't offer shells, but more
    about the site readability of the important file), though I found it
    fairly easy to solve. Basically, it is as some of the other posters are
    saying: turn on php's safe_mode.

    Here's the error I got when I tried to access that file with my regular
    user while the file is owned by user nobody (uid 65534) and php
    safe_mode is on:

    [client 10.0.0.66] PHP Warning: fopen() [<a
    href='function.fopen'>function.fopen</a>]: SAFE MODE Restriction in
    effect. The script whose uid is 318 is not allowed to access my.dat
    owned by uid 65534 in /home/jgeo/public_html/test.php on line 3

    [client 10.0.0.66] PHP Warning: fopen(my.dat) [<a
    href='function.fopen'>function.fopen</a>]: failed to open stream:
    Resource temporarily unavailable in /home/jgeo/public_html/test.php on
    line 3

    As for your shell accounts, then it is the same as was said: chmod 0600
    important.file, and make sure nobody (i.e. the "unprivileged" user) owns
    that file.

    Basically, only the unprivileged user's PHP scripts will be allowed to
    access that file. I hope this helps.

    Other than the above, I didn't find a need to add those configuration
    options to Apache or anything, though I'm going to look more into it
    just to make sure =]

    -- 
    John Georgelas
    System Administrator
    Solution Security, http://www.solsec.net/
    jgeo@solsec.net
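
Added example, not part of the original message: safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4, so on current systems the two conditions the message relies on (script and file owned by the same uid, and the sensitive file at mode 0600 under the intended owner) have to be verified at the filesystem level. The function names and the throwaway demo files below are hypothetical.

```shell
#!/bin/sh
# Added example: audit the ownership and mode conditions described above.
# Function names and sample files are hypothetical, not from the thread.

# Print "<octal mode> <owner uid>" for a file (GNU stat first, then BSD stat).
file_mode_uid() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1" 2>/dev/null
}

# Mimic the ownership rule seen in the log: a script may open a file only
# when both have the same owner uid. Returns 0 = allowed, 1 = denied.
same_owner() {
    script_info=$(file_mode_uid "$1") || return 2
    target_info=$(file_mode_uid "$2") || return 2
    [ "${script_info#* }" = "${target_info#* }" ]
}

# Check that a sensitive file is mode 600 and owned by the expected uid.
# Prints one finding per problem; returns 0 only when both conditions hold.
audit_secret() {
    info=$(file_mode_uid "$1") || { echo "cannot stat $1"; return 2; }
    mode=${info% *}; uid=${info#* }
    rc=0
    [ "$mode" = "600" ] || { echo "$1: mode $mode, expected 600"; rc=1; }
    [ "$uid" = "$2" ] || { echo "$1: owner uid $uid, expected $2"; rc=1; }
    return $rc
}

# Constructed demo: a throwaway directory stands in for the web root.
demo_dir=$(mktemp -d)
: > "$demo_dir/test.php"; : > "$demo_dir/my.dat"
chmod 644 "$demo_dir/my.dat"
audit_secret "$demo_dir/my.dat" "$(id -u)" || true   # reports the 644 mode
chmod 600 "$demo_dir/my.dat"
audit_secret "$demo_dir/my.dat" "$(id -u)" && echo "my.dat: ok"
same_owner "$demo_dir/test.php" "$demo_dir/my.dat" && echo "same owner: access allowed"
rm -rf "$demo_dir"
```

On a real host, pass the uid of the account the web server's PHP runs as (65534 for nobody in the message above) as the second argument to `audit_secret`.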
    
    


