Permissions for a PHP file

8

I have a PHP file inside the Linux opt directory.

Inside it I have a script with queries to update a database, along with the database connection login and password.

This file is called from a bash file scheduled in cron, which executes it:

php /opt/script_de_atualizacao.php

What permission do I give this file? Since it has the MySQL password and login, would it be 755?

  • And your intention is that the file has permission to run but that users cannot access it to view the database access data?

  • Yes. That would be it. What permission can I use?

1 answer

13

The most important thing, generally, is not to set up ownership and permissions beyond what the cron job needs to function on your operating system. Use the principle of least privilege. For example, to begin with, you do not need to run this script as root. Create a task-specific user on your system (assuming adduser), if that is the case, make it the owner of the file (chown) and set it as the executing user in cron. For example, in /etc/crontab, to run the task at 4:30 am every day:

30 4 * * *  usuario_da_tarefa  /usr/local/bin/php -f /opt/script_de_atualizacao.php

I note that if you do so, /opt/script_de_atualizacao.php does not even need to be executable. It only needs to be readable, to be interpreted by php; that is, mode 400 is sufficient. Continuing the example:

# useradd -r usuario_da_tarefa
# chown usuario_da_tarefa:usuario_da_tarefa /opt/script_de_atualizacao.php
# chmod 400 /opt/script_de_atualizacao.php

Further, you probably don't need to expose your database's administrative user in the file /opt/script_de_atualizacao.php. Create a specific database user for your task and grant it only the database permissions it needs, such as SELECT and SHOW VIEW.

Just to complete and clarify further, I noticed an important confusion about file access permissions in your question. Look: when you run ls -l in a directory, you will see something like this in the first column:

- --- --- ---

The last three sets of dashes indicate permissions, while the first isolated position indicates the nature of the file. The first of the three sets indicates the permissions of the owner, the second those of the group and the third those of others, i.e., whoever is neither the owner (third column of ls -l) nor part of the group (fourth column of ls -l).

You can use chmod basically as follows: chmod XYZ arquivo, where X sets the permission for the owner, Y for the group and Z for others. X, Y and Z each go from 0 to 7, meaning this:

1 (execution),
2 (writing),
4 (reading),

and their possible sums.

Thus, chmod 755 /opt/script_de_atualizacao.php means:

Permission 7 for its owner, that is 1 (execution) + 2 (writing) + 4 (reading); permission 5 for the group and others, i.e. 1 (execution) + 4 (reading). Any user can read (and run) the file, and that is not what you want, since the security of your database is at stake.

Take a look at file access permissions, to complement.
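
As an added example (not part of the original answer): a small shell check that decodes an octal mode the way the answer describes and fails when a credential-bearing file is accessible to group or others, or has the wrong owner. It assumes GNU coreutils stat; the function names are hypothetical, and the demo uses a temporary file as a stand-in for /opt/script_de_atualizacao.php.

```shell
#!/bin/sh
# Added example: audit a file that holds database credentials before cron uses it.
# Assumes GNU coreutils stat (Linux). Function names are hypothetical.

# Turn one octal digit (0-7) into its rwx triplet: 4=read, 2=write, 1=execute.
digit_to_rwx() {
    d=$1; out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# Expand a three-digit mode such as 755 into owner/group/others: "rwxr-xr-x".
mode_to_rwx() {
    m=$1; mid=${m#?}; mid=${mid%?}
    printf '%s%s%s' "$(digit_to_rwx "${m%??}")" "$(digit_to_rwx "$mid")" \
        "$(digit_to_rwx "${m#??}")"
}

# Return 0 only if FILE is owned by numeric WANT_UID and group/others have no bits.
audit_secret_file() {
    file=$1; want_uid=$2
    [ -f "$file" ] && [ ! -L "$file" ] || { echo "FAIL: not a regular file: $file"; return 2; }
    raw=$(stat -c '%a' "$file")          # e.g. 755, 400, 40 (no leading zeros)
    have_uid=$(stat -c '%u' "$file")
    perm=$(printf '%04d' "$raw"); perm=${perm#?}   # pad, drop any setuid/sticky digit
    rc=0
    if [ "${perm#?}" != "00" ]; then     # group and others digits must both be 0
        echo "FAIL: $file is $perm ($(mode_to_rwx "$perm")): group or others have access"
        rc=1
    fi
    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $have_uid, expected $want_uid"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file is $perm ($(mode_to_rwx "$perm")), uid $want_uid"
    return "$rc"
}

# Constructed demo on a throwaway file; the current user stands in for the task user.
demo=$(mktemp)
chmod 755 "$demo"; audit_secret_file "$demo" "$(id -u)" || true
chmod 400 "$demo"; audit_secret_file "$demo" "$(id -u)"
rm -f "$demo"
```

On a real system the call would be audit_secret_file /opt/script_de_atualizacao.php "$(id -u usuario_da_tarefa)", run before the cron job is enabled.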
