On Tue, 2004-08-31 at 14:23, Øyvind Lode wrote: > This work just fine but he is worried by the permissions on the file. > The guestbook.txt file have the following permissions: > -rwxr-xrw- > > Owner is the username of my friend and the groupowner is also my friend. > > He have heard someplace that having such a file world writeable is a > security risk. > He tells me that the file should not be writeable for everyone but it has to > be or the php script fails I tell him... > The only problem is that he doesn't remember how this was done and don't > know either... > > How is this done by the Pro's? Not sure how the "Pro's" do it, but what you probably need to do is assign group permissions on the file to the user that php runs as. I think it is the user apache runs as which on fedora is either apache or nobody. (I think that depends on if you installed from source or RPM files) Then you would need 770 permissions which mean the owner and the group have read/write permissions and others (the world) have no permissions on that file. (770 translates to -rwxrwx---) -- Scot L. Harris webid@xxxxxxxxxx Small things make base men proud. -- William Shakespeare, "Henry VI"
