16.4.目錄檔案與許可權

玄學醬發表於2017-12-18

16.4.1. 讀寫許可權

Apache程式所有者: nobody

程式所有者: www

apache 可以讀取程式並執行,但apache 無法改寫程式碼,/tmp等特殊目錄可以寫入操作

重置許可權命令

chown www:www -R /www
chown nobody:nobody -R /www/www.example.com/tmp

find /www/ -type d -exec chmod 755 {} ;
find /www/ -type f -exec chmod 644 {} ;
chmod 744 -R /www/www.example.com/tmp

16.4.2. 訪問許可權

遮蔽訪問許可權

				
<Directory>
<DirectoryMatch>
<Files>
<FilesMatch>
<Location>
<LocationMatch>

並不是所有目錄和檔案都需要提供給使用者的,例如早期PHP專案中沒有使用框架,常常有include, config等等目錄需要遮蔽

例 16.1. Example for ECSHOP 

				
<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    DocumentRoot /www/www.example.com/
    ServerName www.example.com
    ServerAlias example.com
    DirectoryIndex index.html index.php
    CustomLog "|/srv/httpd/bin/rotatelogs /www/logs/www.example.com/access.%Y-%m-%d.log 86400 480" combined

    <Location /data/>
	    Order allow,deny
	    Deny from all
    </Location>
    <Location /images/upload/>
            Order allow,deny
            Deny from all
    </Location>
    <Location /temp/>
            Order allow,deny
            Deny from all
    </Location>
    <Location /includes/>
            Order allow,deny
            Deny from all
    </Location>
    <Location /library/>
            Order allow,deny
            Deny from all
    </Location>
    <Location /plugin/>
            Order allow,deny
            Deny from all
    </Location>

    <Directory /www/www.example.com/images/>
        <Files *.php>
            Order allow,deny
            Deny from all
        </Files>
    </Directory>
    <Directory /www/www.example.com/js/>
        <Files *.php>
            Order allow,deny
            Deny from all
        </Files>
    </Directory>

    <Directory /www/www.example.com/themes/>
        <Files *.php>
	    Order allow,deny
	    Deny from all
        </Files>
    </Directory>

</VirtualHost>

原文出處:Netkiller 系列 手札
本文作者:陳景峰
轉載請與作者聯絡,同時請務必標明文章原始出處和作者資訊及本宣告。


相關文章