
I apologize in advance if this question is better suited for Stack Overflow.

We have a CentOS cPanel server and we want to share some PHP code base with another user. We don't have open_basedir enabled on any account and it is disabled in httpd. I have created a symbolic link to the code base and set 0711 permissions on it recursively, but PHP still throws permission errors when scripts are included which are in another user's home dir.

What we hope to achieve is to allow user x to access user y's code base with execute permissions only. We don't mind if user y can see the code we just don't want write access to the code base. Since this code base is constantly updated we'd rather not just copy the code to user y's home dir.

Any suggestions on how to achieve this?

UPDATE: I thought PHP may have been running in safe mode. I checked php.ini; I have both safe_mode and safe_mode_gid set to Off.

Mikey1980

2 Answers


If you want to share PHP script code with another user/group, you definitely have to set read permissions for the user/group of your PHP process on the files, and execute permissions on the dirs in the path to the files.

gnump
  • I see the logic but I tried with 0755 and PHP still throws `[function.require-once]: failed to open stream: Permission denied in...` – Mikey1980 Nov 09 '11 at 16:14
  • @Mikey1980: What about the parent directories? Apache needs to be able to get to the file to read it. – David Nov 09 '11 at 16:39
  • ohh now it's getting scary, so I would need to give read permissions to the other home dir? – Mikey1980 Nov 09 '11 at 16:47

To find the file, the user would need at least --x (1) permissions on all parent directories (i.e. /home and /home/you). -rx (5) is only needed if you don't already know the name of the file you want. Executing a PHP script as a server script needs only -r- (4) permissions (Apache just reads the script and executes it internally), while doing it from the command line requires (normally) -rx (5). The exception to this is if your platform allows use of the set user/group id bit, in which case you can get away with --x (see man chmod).

erm410
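The checks both answers describe (search permission on every parent directory, read permission on the script itself) can be walked component by component. The following is an added example, not code from the thread: `first_blocker`, `demo` and the temporary tree are constructed for illustration, and it models mode bits only (no ACLs, SELinux or root bypass).

```python
import os, stat, tempfile

def first_blocker(path, uid, gids, top="/"):
    """Return (component, reason) for the first component between `top` and
    `path` that denies access to uid/gids, or None if the file is readable.
    Assumption: plain mode bits only; ACLs, SELinux and uid 0 are not modelled."""
    real, top = os.path.realpath(path), os.path.realpath(top)  # follow symlinks
    chain = [real]
    while chain[-1] != top and os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for comp in reversed(chain):              # outermost directory first
        st = os.stat(comp)
        # Exactly one permission class applies: owner, else group, else other.
        shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
        bits = (st.st_mode >> shift) & 0o7
        if stat.S_ISDIR(st.st_mode):
            if not bits & 0o1:
                return comp, "directory lacks search (x)"
        elif not bits & 0o4:
            return comp, "file lacks read (r)"
    return None

def demo():
    """Constructed tree: home_x/shared is a symlink into home_y/code."""
    base = os.path.realpath(tempfile.mkdtemp())
    os.chmod(base, 0o755)
    code = os.path.join(base, "home_y", "code")
    os.makedirs(code)
    os.chmod(os.path.join(base, "home_y"), 0o711)
    os.makedirs(os.path.join(base, "home_x"))
    lib = os.path.join(code, "lib.php")
    open(lib, "w").close()
    link = os.path.join(base, "home_x", "shared")
    os.symlink(code, link)
    target = os.path.join(link, "lib.php")
    other = os.stat(lib).st_uid + 1           # stand-in for the PHP process user
    results = []
    # (directory mode, file mode): closed dir, recursive 0711, dirs 0711 + file 0644
    for dir_mode, file_mode in [(0o700, 0o644), (0o711, 0o711), (0o711, 0o644)]:
        os.chmod(code, dir_mode)
        os.chmod(lib, file_mode)
        hit = first_blocker(target, other, set(), top=base)
        results.append(hit and (os.path.relpath(hit[0], base), hit[1]))
    return results

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second case shows that a recursive 0711 leaves the included file itself without read permission for other users, while 0711 on directories combined with 0644 on files passes.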