PHP Permissions (chmod vs. suEXEC)

Question

I have an application that claims to require chmod 777 permissions for two of its directories (and their subdirectories). Instead of doing that, would suEXEC be a more secure alternative?

I highly doubt that any application should ever have 777 without posing a security risk. — Lucas Kauffman, Apr 05 '12 at 14:35

score 2 · Accepted Answer · answered Apr 05 '12 at 14:36

2

Yes, it would. suPHP and/or using FastCGI would also work.

On a more general note, I'd be very wary about the coding practices (especially around security) of anyone who thought that chmod 0777 was the solution to a permissions problem. You might be installing an invitation to a giant pwn party on your server.

answered Apr 05 '12 at 14:36

womble

96,255
29
175
230

So /var/www is set to root:web where "web" is developers only (not www-data). In this case, Apache will access files under the permissions of everyone else. Will suEXEC still work given this case or should I add www-data to my "web" group? – Trent Scott Apr 06 '12 at 15:20
1

Yes, suExec would work, although I'd still recommend using FastCGI as it doesn't have the per-request overheads of suExec. – womble Apr 06 '12 at 23:41

PHP Permissions (chmod vs. suEXEC)

1 Answers1