Php.ini And .htaccess File Permissions
I'm on a shared FreeBSD server, running Apache with Drupal, and vBulletin.
I had to create a local php.ini file in my public_html folder for Drupal, and another in my forum folder for vBulletin. Now my question is, what should I set the permissions of these files to? Also, what should I set .htaccess permissions to as well?
I'd like to keep them invisible to the public. But, I don't want any problems with Drupal, or vBulletin ether.
I'm used to using Linux and I know how permissions work on a desktop. I just don't know what they do when used on a server. I'm guessing 640, but I'd like to make sure before I change anything.
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
PHP Permissions (file Owner)
I have setup an ftp user which can upload files to /home/ftp/upload and obviously it assigns the ftp user as the owner when it uploads. Now, I want PHP to be able to rename those files, but getting a permission denied, presumably because apache aint the owner or doesnt have permission to do that, so how do I grant it the right permission(s)?
View Replies!
View Related
How To Secure Your Php.ini File Safe Mode ; Disable_functions ; Etc
what are the most important issues for secure php.ini file like when you turn your SAFE_MODE ON or OFF? or please who every read this topic to post his important disable_functions in php.ini ... and if some functions disable to post it ... let's make this subject for the most important issues for secure your php.ini from script-kids as we can ... here i have some important question's for anyone has or controlling a server ; vps .... #0x01 ; what the most important disable_functions for the php.ini? #0x02 ; is the safe_mode should be enabled? or disable? and this depend on what exacly? #0x03 ; what the functions or any trick to control the nobody ( attacker on the server or shell ) FROOZ .... didn't move ? or make any command in the server ... #0x04 ; i saw in some secure server ( as they say ) they changed the Server : discribe to them name[s] like Server : SECURE BY US .COM OR SECURE SERVER .. uname -a : Linux secure.secure.com 2.6.9-023stab040.1 #1 Mon Jan 15 23:24:32 MSK 2007 i686 athlon i386 GNU/Linux sysctl : linux 2.6.9-023stab040.1 Server : SECURE BY US ! < [THIS WHAT I MEAN HOW COULD WE CHANGE IT IN PHP.ini ?] id : uid=99(nobody) gid=99(nobody) groups=99(nobody) <[how can we cannot make this nobody to have the host id ! everyhost in the server should have his own name and php.ini ?] pwd : /home/host/public_html/ #0x05 ; how can we hide the uname -a on the shell [ the attacker upload it to our customer site !] #0x06 ; how can we hide the sysctl to view to anyone like [ attacker ] ... #0x07 ; how can we rewrite on he Server Type the display for our secure message?Server : SECURE BY US ! #0x08 ; how can we give evey site and customer his php.ini file in his public_html? and how can we give him [ JUST HIS PERMISSION TO HIS SITES FOLDER AND NOT OTHER PATHS AND PERMISSION!] these question every one had a server ; vps , need to know and secure his box from other ... and anyone would like to publish any new [secure or not] idea please let us know what you would like to say ....
View Replies!
View Related
File Permissions
my question is relating to a "DJ Panel" that I am making. I am looking into various file permissions and was wondering if all PHP files that are part of the DJ Panel have file permissions of 0666 will that pose any kind of security threat (make life easier for hackers) or do you see any downside to doing this?
View Replies!
View Related
How To Allow PHP.ini
how I can allow customers to place a PHP.ini in certain directories to override some basic settings like "upload_max_filesize" and what not. I have seen this done before but not sure how to get it working.
View Replies!
View Related
Php.ini
I am unable to find php.ini on my server. [root@sml101 ~]# whereis php.ini php: /usr/bin/php /etc/php.ini /etc/php.d [root@sml101 ~]# cat /etc/php.ini memory_limit = "32M" include_path = "".:"" short_open_tag = "On" file_uploads = "On" safe_mode = "Off" [root@sml101 ~]# But in above php.ini file there is nothing to do, i want to change register_global on but php.ini seems to be missing or hidden. I have taken php info function on a domain and it is showing following path: Configuration File (php.ini) Path /etc/php.ini
View Replies!
View Related
File Permissions In Windows
I'm transferring websites from Linux to Windows. My scrips are writing uploaded photos to the server's hard disk drive. In Linux, I've set up right permissions to the folder: allow write files, php user as the owner of the folder. After I've transferred everything to Windows Server 2008 server, I've removed "read only" atribute from folders and files, but PHP scripts still can't write new files or change old files. I wonder what should I do to fix it? Set PHP user as the owner (as in Linux)? If yes, how can I do it?
View Replies!
View Related
Folder - File Permissions
Server: Centos 4.5/cPanel v11/php5 - SSH Maybe someone can set me straight on this. I have always been under the impression, that under normal circumstances, permissions should usually be as follows: userdir - 711 public_html - 750 folders - 755 files - 644 I am doing some work on a server and when I create a new folder (using WinSCP) it defaults the folder permissions to 775 and file permissions to 664. Besides causing possible problems with the applications I'm installing, isn't this a bit of a security risk? Also, if I upload a tar and untar on the server it sets the same 775/664 permissions.
View Replies!
View Related
Allow Custom Php.ini
I would like to know how to allow customers to use their own php.ini file. I have had hosts in the past that allowed you to use a custom php.ini file so long as you put it in every directory that you would need to use it. I was just trying to figure out how this is done as I am new to all of this and trying to learn.
View Replies!
View Related
PHP.ini Override
i use Cpanel/WHM , how can override php settings when php run az CGI ,when i put php.ini in root of any website the setting didn't override main php.ini settings.
View Replies!
View Related
How To Custom Php.ini
I'm using CentOS 5, Cpanel/WHM with php as cgi, when i try to put a php.ini file to to custom php for one account and it overwrite main setting on our server, someone use this bug to run c99 and try local attack other account, i've try fix this problem by edit /opt/suphp/etc/suphp.conf and set phprc_paths to /usr/local/lib/. But when i do this, php.ini in my custom account doesnt work any more... How can i custom php for one account and it not effect to main setting to prevent local attack?
View Replies!
View Related
Local Php.ini
I run multiple domains/sites on my linux server. I know there is a php.ini files that comes with the php installation package. But I have heard that there is a way to create a local php.ini file for each domain. Does anyone knows how to create local php.ini files for each domain. Is there a special setting i need to do to make it run?
View Replies!
View Related
Php.ini Being Truncated
Whenever I edit the /etc/php.ini file and change something, (like Off to On, or vice versa), it always becomes truncated, going from approximately 38kb to about 3kB. Almost everything gets erased. Would anyone know how this could be caused, or more importantly, how it can be fixed? I have a Linux CentOS 4.4 VPS with Virtuozzo.
View Replies!
View Related
Customised Php.ini
There is a shared server running PHPSuexec, and we need to change some php settings, and therefore doing that in .htaccess is not possible. We copied php.ini from /usr/local/lib/, made a modification and placed it in the web root path. I thought that any settings that have been changed would 'propagate' throughout the rest of the website (i.e. all paths underneath the web root, in the heirarchy), but unfortunately, we have found out that this is not the case. The settings that were modified, were only reflected in the web root path. Is there some method to ensure that the php modifications are reflected throughout the entire website ? We don't really want to have to place a copy of the entire (modified) php.ini in every path.
View Replies!
View Related
Suhosin And Php.ini
i have a dedicated server and i have installed suhosin through els well els never asked me for configurations or anything ,, it just installed it any way i'm trying to install AWBS on my server ,, AWBS needs safe_mode to be off so i went (pico /usr/local/lib/php.ini) all the lines were commented suhosin added this to every line at the begining PHP Code: ;suhosin.version=0.9.20 so everyline became commented any way i was trying to turn off the safe mode so i searched for it and replaced On with Off but the changes didn't take effect (locate suhosin) found bunch of folders and suhosin.so files that i couldn't manage is installing this extension ,, replaces the php.ini effect with another one ??? how can i configure php.ini to turn off the safe mode and also disable some functions while suhosin is there + how to remove suhosin without losing any data which command shall i use
View Replies!
View Related
Change Php.ini
I have a problem that am not able to connect with mssql_connect() function to MSSql server. Error is: undefined function mssql_connect(). On local this problem is get solved by uncomment extension=mssql_php.dll and extension=mssql_pdo_php.dll line by removing ";" in front of it. ::But how do i same on the online server?. ::If possible with coding or is thr any other way to do this plz let me know? ::If thr is a way to change .htaccess file to make this change or any better solution with .htaccess.. ::If thr ia a way to change the path for php.ini and we put our php.ini file in other folder and access that rather than php.ini on server.
View Replies!
View Related
Custom Php.ini
I have a reseller account on a server, and I have a client who needs to used a custom php.ini file to set the session.save_path variable. He has created this file and placed in the public_html folder, but this path still comes up as 'No Value' and the Configuration File Path still reads '/usr/local/Zend/etc/php.ini '. What do I need to do to get this site to read from the correct php.ini file? I tried setting this in the .htaccess file, to no avail.
View Replies!
View Related
FTP + File Permissions For Client
I have set up a ftp server for my clients to upload files. I have setup 2 users, client and administrator. When a client logs he uploads his files to a folder called upload_files. But he cannot view files in that folder. If I log in as administrator I can see all the files and folders. But I can only delete files uploaded to the upload_files folder. If the client uploads a folder with files into it, then I cannot delete it since the folder owner is client. Ex: /upload_files/image.jpg Can Delete /upload_files/new_folder/image.jpg Can't Delete
View Replies!
View Related
Preserving File Permissions While Copying
a way to preserve folder/file permissions in a windows environment. We are copying files from one drive to another on one of our servers. It's crucial to preserve the permissions - but i've done some research and can't find any way to get this done... Anybody familiar with any methods on how to approach this? We're running windows 2003 server.
View Replies!
View Related
File Manager And WordPress Permissions
I just purchased my first hosting package in 10 years. Things have changed quite a bit and I'm unsure about some of the permissions settings. My new account is with Host Gator. I could really use some help. I'm going to use WordPress for the first time. I'd like to harden down my Linux server on Host Gator as much as possible. I'd also like to harden the WordPress permissions as much as possible. I've read a fair amount about and have a little experience in setting read, write, and execute permissions plus some other security experience. My main concerns are to strike the balance between hardening down enough without making it so WordPress can't access whatever it needs to access. I also have "Hot Linking" to consider. Not sure if that will make it difficult for WordPress to do it's thing. Did I say that clearly enough?
View Replies!
View Related
File Permissions On Shared Host
I recently opened a shared hosting account with a new host. Can someone advise on file/folder permissions I can set which will keep my shared host neighbors out? While accessing my account via FTP I noticed I could freely view and download files from other users folders - their PHP, HTML, images, you name it! I would like to be more private with my files which include PHP scripts, images, etc. I already contacted the help desk with my host and the tech said shared access between accounts is normal (even FTP) and if I restricted permissions then my PHP wouldn't work for Internet users. I'm not buying it. I should be able to set the permissions such that Internet users can execute the PHP and view images, without my account neighbors using FTP to download my files.
View Replies!
View Related
CGI Security And File Permissions
I am planning to use CGI for my web installations and there appears to be a whole lot of conflicting info about setting file permissions in the user's folder. What are the permissions actually required for reading and writing into the web users directory? A lot of them say 755, but that doesn't make sense as it gives any user read and write permissions to the whole web directory tree. Other than the initial index .php, .cgi or some other files that need to be ready by the webserver process shouldn't every other file be 700 or 600 as every subsequent file access is done under the control of the cgi program? Unless a file is to be served directly by the web server process and is not in a ScriptAlias directory or is not marked as a CGI shouldn't the permissions on that file be 600 or 700? I'd also like to know if there are some guides as to how the CGI security issues operate.
View Replies!
View Related
Php.ini On Ubuntu Is Confusing Me
I am all too familiar with php on my win box but now am working on Linux. the extension_dir is commented out (??) however CURL does work but there is nothing about CURL in php.ini. I cant find any php.so files. Also the php.ini file lives in /etc/php5/apache2 Does this look like a standard install? Where do the .so files live? Ultimatly I want to install Turck MMCache which requires some extensions and when ever I try to do phpize there is the error message Cannot find config.m4 (google is not helping solve the problem) apt-get install m4 says I have the latest version. phpize is a shortcut in usr/bin that points to etc/alternatives/phpize which in turn is a shortcut to usr/bin/phpize5
View Replies!
View Related
CPanel Php.ini Override
I am setting a dedicated server for a mate with cPanel/WHM 11. He says he wants a custom php.ini file such that you can override the settings when you upload a php.ini file in /home/site/public_html/ how to allow this in the global settings?
View Replies!
View Related
Php.ini Error Handling
If I have a php page with no errors, everything works fine. If I remove a semicolon so it should give me an error, it displays nothing but a white page... Also, there is no error_log created. php.ini error config: Code: ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; error_reporting is a bit-field. Or each number up to get desired error ; reporting level ; E_ALL - All errors and warnings ; E_ERROR - fatal run-time errors ; E_WARNING - run-time warnings (non-fatal errors) ; E_PARSE - compile-time parse errors ; E_NOTICE - run-time notices (these are warnings which often result ; from a bug in your code, but it's possible that it was ; intentional (e.g., using an uninitialized variable and ; relying on the fact it's automatically initialized to an ; empty string) ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's ; initial startup ; E_COMPILE_ERROR - fatal compile-time errors ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) ; E_USER_ERROR - user-generated error message ; E_USER_WARNING - user-generated warning message ; E_USER_NOTICE - user-generated notice message ; ; Examples: ; ; - Show all errors, except for notices ; ;error_reporting = "E_ALL" ; ; - Show only errors ; ;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR ; ; - Show all errors except for notices ; error_reporting = E_ALL & ~E_NOTICE ; Print out errors (as a part of the output). For production web sites, ; you're strongly encouraged to turn this feature off, and use error logging ; instead (see below). Keeping display_errors enabled on a production web site ; may reveal security information to end users, such as file paths on your Web ; server, your database schema or other information. display_errors = On ; Even when display_errors is on, errors that occur during PHP's startup ; sequence are not displayed. It's strongly recommended to keep ; display_startup_errors off, except for when debugging. display_startup_errors = Off ; Log errors into a log file (server-specific log, stderr, or error_log (below)) ; As stated above, you're strongly advised to use error logging in place of ; error displaying on production web sites. log_errors = On ; Set maximum length of log_errors. In error_log information about the source is ; added. The default is 1024 and 0 allows to not apply any maximum length at all. ;log_errors = On; ; Do not log repeated messages. Repeated errors must occur in same file on same ; line until ignore_repeated_source is set true. ignore_repeated_errors = Off ; Ignore source of message when ignoring repeated messages. When this setting ; is On you will not log errors with repeated messages from different files or ; sourcelines. ignore_repeated_source = Off ; If this parameter is set to Off, then memory leaks will not be shown (on ; stdout or in the log). This has only effect in a debug compile, and if ; error reporting includes E_WARNING in the allowed list report_memleaks = On ; Store the last error/warning message in $php_errormsg (boolean). track_errors = Off ; Disable the inclusion of HTML tags in error messages. ;html_errors = Off ; If html_errors is set On PHP produces clickable error messages that direct ; to a page describing the error or function causing the error in detail. ; You can download a copy of the PHP manual from http://www.php.net/docs.php ; and change docref_root to the base URL of your local copy including the ; leading '/'. You must also specify the file extension being used including ; the dot. ;docref_root = "/phpmanual/" ;docref_ext = .html ; String to output before an error message. ;error_prepend_string = "<font color=ff0000>" ; String to output after an error message. ;error_append_string = "</font>" ; Log errors to specified file. error_log = "error_log" ; Log errors to syslog (Event Log on NT, not valid in Windows 95). ;error_log = error_log;
View Replies!
View Related
About Secure Php.ini Directories
how can i secure the following options in php with whm box this is my php.ini settings Code: open_basedir = /home:/tmp include_path = ".:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20020429:"; safe_mode_gid = Off safe_mode_include_dir = safe_mode_exec_dir = i want no one can access other user (User Bypass) with php shell i am running whm with apache 1.3.39 and php 4.4.7 phpsuexec how can i secure these options
View Replies!
View Related
Extension_dir Setting In Php.ini
I have just installed a php download script from rwscripts.com. My web host is netfirms, and I've set it to PHP4 (same as the php script I got). However, after the installation was completed, I'm getting this error messege. "extension_dir does not exists /usr/local/nf/lib/extensions/no-debug-non-zts-20020429" I've found this from rwscript's FAQ: "extension_dir does not exists /usr/lib/php/extensions/no-debug-non-zts-20020429 The extension_dir setting in php.ini should point to the real directory for SourceGuardian loaders to work (as well as any other dynamic PHP extension). This may be any directory on server. Common setting is /usr/local/lib/php/extensions. Please contact your server provider about this issue. They need to create this directory and alter the setting in php.ini and then restart the webserver. " But I don't really understand. I've contacted Netfirms, but they never replied me. Where can I change the php.ini config? Is there any better webhosting who supports php,
View Replies!
View Related
Unable To Make Changes To Php.ini
i'm trying to configure PHP, as I really need to turn magic quotes off and raise the memory limit. i don't want to use .htaccess - too many sites I got plesk 8.2.1, php5.1 well, to make it short, I ran 'phpinfo()' to see where php.ini was: etc/php.ini I change that, restart httpd, nothing happens. restart the server, nothing still. my changes are not applied when I run 'phpinfo()' again. i try 'locate php.ini' from the terminal, there are a few! /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/conf/php.ini.def /usr/local/sitebuilder/php.ini /etc/php.ini /etc/php.ini. /etc/php.ini.saved_by_psa /etc/php.ini.rpmsave ... plus some in the opt folder (that should be just the cache, uh?) the problem is that I tried to open all of them, to see where the hell php was getting the settings from, but none of them seem to reflect php's settings. meaning, I don't know what file I can use to configure PHP. all of them, for instance, say 'memory_limit: 32M', but php is set at 8M, and phpinfo() tells me memory_limit 8M. any idea why this might be happening? does Plesk have some tool to configure PHP that makes PHP ignore my changes?
View Replies!
View Related
How To Disallow Php.ini Overriding
if i enabled phpsuexec the client can remove all disable_functions and every thing if he just uploaded php.ini to his public_html folder i thought about this: ln -s /usr/local/lib/php.ini /home/user/public_html/php.ini and it work perfectly but if the user triad to make edit via FTP to the file he will see the file content but can't edit i triad to chmod to 0 but it will stop PHP is there any solution to stop the user see the content for the file?
View Replies!
View Related
File Permissions On WIndows Server 2003
i am more a linux guy than windows, but recently i have to switch to windows. In my FTP program I logged in one of my domains and tried to edit file permissions for a folder but in my windows filezilla server it game me 504 command not implemented for that parameter error message. I read a little and learned that windows dos not support posix. How can a change the file permissions on windows machine?
View Replies!
View Related
How To Change Permissions Of A Read Only File System
I have a dedicated server and till few days back i was able to edit my files fine but this morning when i am trying to edit any file, it gives me back this error: [user@domainname theme]$ chmod 777 header.php chmod: changing permissions of `header.php': Read-only file system [user@domainname theme]$ [root@domainname theme]$ chmod 777 directoryy chmod: changing permissions of `directoryy': Read-only file system [root@domainname theme]$ I tried both as normal user and root and same results. Do you think the hosting guys changed the permissions of the file system or something?
View Replies!
View Related
File And Directory Permissions Is Driving Me Crazy
Until recently i had never used a Linux server, as i used to have a windows server. I now have a Linux VPS I am now at my wits end with file permission problems I use Joomla a lot for my websites, and i also develop and program many modules and components for it, but at the moment every time i upload a module (which is a zip file with php files that is put onto the server in the right place via php) it sets the ownership to "nobody" rather than the username so i cant access it via ftp, as it says you don't have permission or the file may not exist. Is there anyway the server can be set so it will by default set the file to have an owner name that will allow ftp access to it without me having to learn SSH Putty (which is all i have done today) or contacting my hosting company every time? I am spending more of my time with these permission problems than doing my work, it driving me barmy!
View Replies!
View Related
Php.ini Store Sessions In Database
Is there a way in the php.ini file to force all sessions to be stored in a database? For example, in ColdFusion you can configure sessions to be stored in a db. Can you do this in PHP? Thereby forcing all sessions no matter what the customer specifies to be stored in a db.
View Replies!
View Related
Changing Settings For Php.ini On IIS
I have IIS on my computer and I want to start using a php driven forum (SMF) on my web site. Before I upload the files I need to check the following settings are on: the engine directive must be On. the magic_quotes_sybase directive must be set to Off. the session.save_path directive must be set to a valid directory, or empty. the file_uploads directive must be On. the upload_tmp_dir must be set to a valid directory, or empty. I cant find anywhere within IIS where these directions maybe found. Can anyone point me in the right direction?
View Replies!
View Related
Php.ini - Editing It Messed My Whole Server Up
I have changed one value in /etc/php.ini safe_mode = On then restarted apache. Now, when I try to access any mysql based sites, like forum or gallery - I get a blank page. I went back and changed safe_mode back to 'Off'. Restarted the server - but I am still unable to load any pages. Running CentOS.
View Replies!
View Related
Accessing PHP.ini On A Dedicated Server
I'm using a dedicated server for the first time and I want to access the PHP.ini file so that I can set up the mail() function and also enable error reporting. However, all access has to be done remotely through a KVM console and I'm unsure what I need to do in order to get to the file that I want.
View Replies!
View Related
I Want To Use Individual Php.ini For 1 Of My Website In Hsphere
I have hsphere working on my server. Now I need to install phpacution. After the installation of php auction I am getting this message Extension dir /hsphere/shared/apache/libexec/php4ext/ You must to place ixed files at/hsphere/shared/apache/libexec/php4ext// I tried to copy php.ini in the root of my website but it has take down all of my websites. So will youlet me know how can I get php.ini working for 1 on my website from its root?
View Replies!
View Related
|
TRACKER
