chmod 777 - 这是服务器问题吗?
如果服务器上的 PHP 脚本无法创建目录,这通常是因为 PHP 以 apache/nobody 身份运行吗?那么你能由此判断服务器配置错误吗? (或者只是使用标准配置)
为了安全起见,如果php以用户身份运行会更好,如果是的话,这个问题(需要777)还会发生吗?我不这么认为,但我想我会问...
If a PHP script on the server can't create a directory, is this usually because PHP is running as apache/nobody? So can you say from this that the server is misconfigured? (or just using the standard configuration)
For security purposes it would be better if php was running as the user, and if it was, would this problem (requiring 777) still occur? I don't think so but I thought I'd ask...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
IMO 你永远不应该有 777 目录。在没有用户的网络服务器上这并不重要,但它从来没有必要,无论如何都应该避免。
debian 上的 PHP 以与 apache (www-data) 相同的用户和组运行。因此,您只需配置文件访问控制即可允许该用户执行您喜欢的操作。您永远不需要 777。
其他发行版具有类似的配置,但您始终可以编辑 apache2.conf 和 php.ini 文件以获得您想要的任何结果。
IMO you should never have a 777 directory. It doesn't matter so much on a webserver with no users, but it is never necessary and should be avoided anyway.
PHP on debian runs as the same user and group as apache (www-data). So you simply need to configure your file access controls to allow that user to do what you like. You should never need 777.
Other distros have similar configurations, but you can always edit your apache2.conf and php.ini files to get any result you want.
那么您可以由此判断服务器配置错误吗?
不。 事情应该是这样的。 apache 执行的 php 脚本以用户
www-data身份运行(在 Ubuntu 上)。www-data实际上对整个服务器没有写入权限。事情本来就应该如此。如果您编写了一个稍微不安全的 php 脚本(例如容易受到代码注入)并且它的运行方式为root,恶意访问者可能会擦除您的整个硬盘驱动器。为了安全起见,如果 php 作为用户运行会更好?
您所说的用户指的是谁?如果是 root,请参见上文。如果是具有root权限的用户,请参见上文。
这个问题(需要 777)还会发生吗?
问题在于您使用的代码需要对外部目录具有完全的读取、写入和执行权限。
如果它是一个仅由您的脚本使用的目录,则
www-data应该拥有它。问题解决了。如果您使用的 php 脚本必须有权访问敏感系统区域,您可能需要重新考虑执行此操作的方式。 php 脚本应该执行的许多任务可以由脚本安排,然后由 cron 作业执行。
最后但并非最不重要的一点是,如果您绝对必须,您可以以任何您想要的用户身份运行 php。只需安装模块
mpm_itk_module并添加到
但请注意 - 正如我之前所说 - 如果脚本不好且权限错误,可能会发生非常糟糕的事情 (TM)。
So can you say from this that the server is misconfigured?
No. That's how it's supposed to be. php scripts executed by apache run as user
www-data(on Ubuntu).www-datahas practically no writing rights on the entire server. And that's how it's supposed to be. If you write an even slightly insecure php script (e.g. susceptible to code injection) and it's being run as root, a malicious visitor could wipe out your entire hard drive.For security purposes it would be better if php was running as the user?
Who do you mean by the user? If it's root, see above. If it's a user with root privileges, see above.
Would this problem (requiring 777) still occur?
The problem is that you're using code that needs full reading, writing and executing permission on a foreign directory.
If it's a directory that will only be used by your script,
www-datashould own it. Problem solved.If you're using a php script that has to have access to sensitive system areas, you may want to rethink the way of doing this. Many tasks that a php script is supposed to execute could be scheduled by the script and later executed by a cron job.
Last but not least, if you you absolutely have to, you can run php as any user you want. Just install the module
mpm_itk_moduleand addinside the
<VirtualHost>tag.But be aware that - as I said before - with a bad script and the wrong privileges, Very Bad Things (TM) could happen.