Penn State Mark Penn State Application Services - PHP Web service text graphic Information Technology Services
 
PHP Web Service home | Storing Data | Setting PASS Permissions | Firewall/Database Permissions Info | Errata and Change Log

PHP Web Service - Setting Permissions

In order for PHP scripts to save changes to files and folders, you will need to allow php.scripts.psu.edu to make changes via the Access Control Lists (ACL). For security reasons, the PHP Web server is configured in such a way that a typical user or script cannot make changes to the files in your www folder.

For PHP scripts to make changes, the Web server program must have Write permission to the data files. The Web server program on http://php.scripts.psu.edu/ runs with the identity of a "user" called php.scripts.psu.edu and is in the group called php.scripts.psu.edu. You will need to assign the group php.scripts.psu.edu Write permission to files your PHP program needs to change. You also should revoke Write access from everyone else except for yourself, any co-authors and system administrators, to limit the possibility of someone accidentally or maliciously changing/deleting your PHP data. It is recommended that you do not store any .php files in a folder with Write access granted to php.scripts.psu.edu nor give out Write permission on your .php files.

The ITS Secure Server provides a permissions-setting utility for php.scripts.psu.edu, so that a script is able to run as well as save changes visitors make when they use your script.

For reading or executing files, it is sufficient to give the Web server program access by giving everyone Read and eXecute permissions (see below). The "user" php.scripts.psu.edu is also in the group called access, the group in which all Penn State Access Accounts are found.

Unlike CGI scripts, PHP does not need the eXecute permission on a script in order to run. However, it does need the eXecute permission on all folders.

Note: Before you go through these steps it is recommended that you create a secondary folder inside your www folder to store your data files. This folder needs its permissions set to allow PHP scripts to write to it. Your scripts do not need to be placed into this folder, and to avoid the possibility of having your scripts interfere with each other they should be placed in a folder that does not have these permissions set.

To set these permissions:

  1. Open the PASS Explorer (https://explorer.pass.psu.edu/) in a new window, or first print this page, so you can follow along with these directions.

  2. In the PASS Explorer, navigate to your www folder. Select the folder you will be using to hold your data files and with this folder selected press the "Info" button.

  3. A pop up window will appear with information about the folder and 3 buttons. Press the "Go to permissions" button in the pop up window. This will open up a permissions wizard in a new tab or window depending on your browser and preferences.

  4. Now the "File Permissions Wizard" screen appears. The folder you had selected in step two will already be selected in the wizard and you will be able to set the permissions needed to get various scripts working from here. You can also use this wizard to handle access permissions for other users to allow them to view or edit your files. At this point select "Web Application File Permissions" and press the "Next >" button to continue.

  5. On the Web Application File Permissions Wizard screen click on "Set Permissions Needed for PHP" and press the "Next >" button to continue.

  6. Before the permissions are changed you will be presented with a check box asking if you want to change the permissions to all files and folders within your web space. If you have folders within your web space that need to have PHP available in them click on this check box, otherwise leave it blank. Press the "Apply Changes" button to commit the change.

  7. Once the changes are done you will be taken to a page displaying all the permissions that are currently set.


The Pennsylvania State University ©2007. All rights reserved.
Alternative Media - Nondiscrimination Statement
This site maintained by Academic Services and Emerging Technologies, a unit of Information Technology Services.
229 Computer Building | University Park, PA 16802

For assistance please write to helpdesk@psu.edu or see our Help Sources.
Provide site feedback to the ASET Communications Team.

Last revised: Saturday, July 19, 2008.