Permissions for PHP scripts to read/write files

administrator · September 13, 2023, 4:05pm

I’ve written loads of PHP scripts over the years to run on my own servers where I know the permission structure and so what’s needed, but as far as I recall I’ve never written scripts for others to deploy on their own web servers so I’m looking for a bit of advice from those who have gone before me.

What permissions would you expect data files to have to allow them to be read and written to by a PHP script in the same directory when the script is being run by the web server process? I’d think 66x would be OK (owner and group read+write) assuming that the web server process that’s running PHP is either the owner of the directory or is in the group that owns the directory? Is that a reasonable assumption for most web servers that you’ve had your scripts used on?

administrator · September 13, 2023, 8:11pm

Would any PHP experts also like to suggest why…

if (($json_perms & 0666) != 0666)

…works but…

if (($json_perms & 0x01b6) != 0x01b6)

…doesnt? I’m completely stumped by this one!

ktrue · September 13, 2023, 9:21pm

maybe because the logical and is && or and, not & ?

administrator · September 13, 2023, 9:51pm

It’s a bitwise arithmetic AND so I wouldn’t expect the number format to affect it at all. In my simplistic mind the numbers are converted to binary and then bitwise ANDed using registers, with the result being compared to the right side of the !=

ktrue · September 14, 2023, 2:16am

Sorry… my bad. You’re correct for a bitwise operator (I’ve really only used logical operators, hence the &&)

[quote] Bitwise Operators

$a & $b : Bits that are set in both $a and $b are set.

ktrue · September 14, 2023, 2:20am

I’ll offer the decoder-ring function I use for file permissions:

#---------------------------------------------------------  
# decode unix file permissions
#---------------------------------------------------------  

function decode_permissions($perms) {

  if (($perms & 0xC000) == 0xC000) {
	  // Socket
	  $info = 's';
  } elseif (($perms & 0xA000) == 0xA000) {
	  // Symbolic Link
	  $info = 'l';
  } elseif (($perms & 0x8000) == 0x8000) {
	  // Regular
	  $info = '-';
  } elseif (($perms & 0x6000) == 0x6000) {
	  // Block special
	  $info = 'b';
  } elseif (($perms & 0x4000) == 0x4000) {
	  // Directory
	  $info = 'd';
  } elseif (($perms & 0x2000) == 0x2000) {
	  // Character special
	  $info = 'c';
  } elseif (($perms & 0x1000) == 0x1000) {
	  // FIFO pipe
	  $info = 'p';
  } else {
	  // Unknown
	  $info = 'u';
  }
  
  // Owner
  $info .= (($perms & 0x0100) ? 'r' : '-');
  $info .= (($perms & 0x0080) ? 'w' : '-');
  $info .= (($perms & 0x0040) ?
			  (($perms & 0x0800) ? 's' : 'x' ) :
			  (($perms & 0x0800) ? 'S' : '-'));
  
  // Group
  $info .= (($perms & 0x0020) ? 'r' : '-');
  $info .= (($perms & 0x0010) ? 'w' : '-');
  $info .= (($perms & 0x0008) ?
			  (($perms & 0x0400) ? 's' : 'x' ) :
			  (($perms & 0x0400) ? 'S' : '-'));
  
  // World
  $info .= (($perms & 0x0004) ? 'r' : '-');
  $info .= (($perms & 0x0002) ? 'w' : '-');
  $info .= (($perms & 0x0001) ?
			  (($perms & 0x0200) ? 't' : 'x' ) :
			  (($perms & 0x0200) ? 'T' : '-'));
  
  return $info;
}