se7enbot Posted October 9, 2017 Posted October 9, 2017 Hello, I have a file inside a folder into my public_html that uses php to get a epoch timestamp "timestamp.php", I'm trying to use it but I'm getting a "Server internal error 500". Can you help me?
Krydos Posted October 9, 2017 Posted October 9, 2017 Does the 500 error go away when you change it to 644?
se7enbot Posted October 9, 2017 Author Posted October 9, 2017 Sure, this worked, just changed to 644. Why does the group permission has this effect? The other files "not php" work fine with that.
Krydos Posted October 9, 2017 Posted October 9, 2017 SuPHP is very particular about permissions. It's a security vulnerability to have a php file be writable by the group.
wolstech Posted October 9, 2017 Posted October 9, 2017 (edited) It only affects PHP files because PHP files are executed through CGI (Apache passes them to PHP, PHP handles processing and tells Apache what to send). Not sure exactly why Apache does this for PHP (I'm assuming not allowing this provides security of some form), but it just really does not like PHP scripts when they're writable by the group. All your other files (images, CSS, HTML, etc.) are just read from the hard disk and sent to the client. EDIT: Beaten to it. Edited October 9, 2017 by wolstech
Krydos Posted October 9, 2017 Posted October 9, 2017 (Apache passes them to PHP, PHP handles processing and tells Apache what to send). Not sure exactly why Apache does this for PHP (I'm assuming not allowing this provides security of some form)One of the fundamental principles of unix is that each tool should do only one job, and do it as perfectly as possible. Apache's purpose is to serve content over http/http2 protocol, and to be as secure and stable as possible. PHP is a separate process entirely, and it's purpose is to process scripts written in php and to be as secure and stable as possible. If apache also processed php scripts it would violate the one-tool-one-purpose unwritten rule. The idea is if you try to make one tool do too much then it won't be as perfect at all of it's different tasks. Since this is the case the kernel of linux does an exemplary job of linking these separate processes together with pipes and redirected stdout and stdin and stderr, etc. See: https://en.wikipedia.org/wiki/Unix_philosophy#Do_One_Thing_and_Do_It_Well
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now