Hey, guys. Me again. I'm a little fuzzy on PHP's permissions on a shared hosting environment. It seems like PHP has Owner rights to a file. In my script I can create files and directories with PHP, but the permissions seem to be set such that I can't actually delete them via my FTP client, as I seem to be part of the Group, not the Owner. This forces me to set permission to include Group access.
For security, I am holding sensitive information in my home directory which, of course, is before the www directory. The files are accessed via a PHP script which parses the URL to determine which file to serve, but the URL itself doesn't actually point to the file. Is this a secure way of doing things? Even if I have to set the files to be accessible by Group?
I plan to get a dedicated server so the Group thing may not be an issue. In that case, would you recommend I have two servers, one running the database and one that I FTP files to and from? Furthermore, would a dedicated server allow me to have an account with the same Owner access as PHP? Or is that root?
Thanks! I am just really concerned with using the best security I can.
Is this a secure way of doing things? Even if I have to set the files to be accessible by Group?
If you're concerned that someone else on the system could access the files because of their group permissions:
You can set the file group to a group that contains only www (or whatever apache+php runs as on your server). In general, every "user" on the system will have an associated group that contains only itself. So, when you personally create a file, assuming your username is auxone, the user/group should be auxone/auxone. You can easily change the group to www and set its permissions independently.
See the man pages for chmod and chgrp.
If you're more concerned about someone accessing your private files with your PHP script:
Set up a file access list for your script. Just use an array or database table that lists all the content files it's OK for the script to access. And, if the next step isn't obvious, have your script check that list before actually opening anything. Another option is to keep all publicly accessible files in a particular directory and safeguard your script against reading content files from anywhere else.
If you implement the latter option, make sure to strip leading .'s from filenames. You never know how those clever h4x0rz will sneak a ../ in there.
I plan to get a dedicated server so the Group thing may not be an issue. In that case, would you recommend I have two servers, one running the database and one that I FTP files to and from?
It's a matter of expense and necessity. If you don't need two servers for the sake of load-handling or reliability, it's a waste to get them (unless anyone else knows of a reason I'm mistaken).
Furthermore, would a dedicated server allow me to have an account with the same Owner access as PHP? Or is that root?
With a dedicated server, you should be granted root access. The system will be yours to destroy. And that user you're thinking of is probably not a PHP user; it's probably www or apache.
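The two script-side safeguards in the reply above (an explicit access list, plus confining reads to one directory and refusing names that start with dots or carry a `../`) are easy to get subtly wrong, so here is an added example of how they fit together in a small PHP front end. This is not code from the thread; it assumes a hypothetical layout where the private content lives in `/home/auxone/private` (outside the document root), the script is requested as `serve.php?f=<name>`, and the entries in `ALLOWED_FILES` are made-up sample names.

```php
<?php
// Added example, not from the thread. Serves files from a directory that sits
// outside the document root, but only those on an explicit allow-list and only
// after the resolved path is proven to lie inside that directory.
declare(strict_types=1);

// Assumed location of the private content; adjust to your own home directory.
const CONTENT_DIR = '/home/auxone/private';

// Safeguard 1: the access list. Anything not named here is never opened,
// no matter what the URL says. Sample entries, constructed for this example.
const ALLOWED_FILES = [
    'report-2009.pdf' => 'application/pdf',
    'brochure.pdf'    => 'application/pdf',
    'logo.png'        => 'image/png',
];

/**
 * Turn a user-supplied name into an absolute path inside CONTENT_DIR,
 * or return null when it is not on the list or would escape the directory.
 */
function resolveContentPath(string $requested): ?string
{
    // Safeguard 2a: plain file names only. No slashes, no leading dot, so a
    // "../" or a hidden-file name never reaches the filesystem at all.
    if ($requested === '' || !preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $requested)) {
        return null;
    }
    if (!array_key_exists($requested, ALLOWED_FILES)) {
        return null;
    }

    $base = realpath(CONTENT_DIR);
    $full = realpath(CONTENT_DIR . '/' . $requested);
    if ($base === false || $full === false) {
        return null; // directory or file missing, or a dangling symlink
    }

    // Safeguard 2b: even after the name check, insist that the canonical path
    // is under the content directory. This catches a symlink someone managed
    // to drop into CONTENT_DIR that points elsewhere.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

/** Send the file to the client, or a plain 404 when the request is refused. */
function serveFile(string $requested): void
{
    $path = resolveContentPath($requested);
    if ($path === null || !is_readable($path)) {
        http_response_code(404);
        header('Content-Type: text/plain');
        echo "Not found\n";
        return;
    }
    // Membership in ALLOWED_FILES was verified inside resolveContentPath.
    header('Content-Type: ' . ALLOWED_FILES[$requested]);
    header('Content-Length: ' . (string) filesize($path));
    header('Content-Disposition: inline; filename="' . $requested . '"');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    serveFile((string) ($_GET['f'] ?? ''));
}
```

On the permissions side this pairs with the earlier advice: the content directory and its files are owned by you, their group is changed to the one the web server runs as (`chgrp www`), and the mode is set so only owner and that group can read them (`chmod 750` on the directory, `chmod 640` on the files). The script then reads through the group bit, while other accounts on the shared host get nothing from the filesystem, and the URL parser gets nothing that is not on the list.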
Yeah, that clears a lot up. I really appreciate the time spent. As far as protecting the PHP script itself would a .htaccess file suffice? Or is that not even necessary?
I also have a settings.ini in the same directory, which of course doesn't have the advantage of being server side like PHP, hence people can just browse right to it. I suppose I will move that to my home directory as well.
It's best to have private files precede the www/public_html directory. But, with proper .htaccess or httpd.conf/apache.conf rules, you should theoretically be able to put your full identity in your document root without much concern. That is, of course, unless you've got an insecure (or stupid) script sitting in that directory : )
Protects files from being served directly to a client via Apache.
Protects files from local users, including Apache, even via indirect requests.
Protects scripts from being written insecurely or stupidly.