Re: Apache webroot & webapp-config security

J.O. Aho <user@example.net> wrote:
> Wim Cossement wrote:
>
>> Thanks for both tips, I already took the x from all my PHP files, but
>> the second suggestion about changing all the files in /var/www/ to
>> root:apache 0640 does not do the trick, I always get a 403 error
>> when I tried this.
>>
>> This seems illogical to me, since apache runs as apache:apache so it
>> should be able to get me the files since the group can read them.
>
> The files should be owned by apache and not root, as this can lead to
> apache not having the right to read the file in question.

If apache is in the group apache, it will be allowed to read any files
that are root:apache 0640. (Assuming the parent directories are 0750 or
otherwise give rx access to the apache group, of course.)

The problem is likely either of:

- The PHP programs in question demand *write* access, in which case
  it's an insecure abomination that should be uninstalled and have all
  traces wiped as fast as possible.
- The PHP programs run as a different user ID than the web server
  (which is a good thing), and this userid is not a member of the apache
  group.

Regards,
--
*Art |
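
Added example, not part of the original message: a small Python check for the two causes named above. It walks every directory down to a file and reports the first component that blocks a given user, and whether the file is also writable by that user. The function names and the `base` parameter are made up for this sketch; it looks only at classic mode bits and assumes a non-root user (ACLs and SELinux are ignored).

```python
import os
import pwd
import sys

def granted(st, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids for this inode.

    POSIX selects exactly one class: owner, else group, else other.
    """
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def diagnose(target, uid, gids, base="/"):
    """Check the path from base down to target; return (readable, reason)."""
    base = os.path.realpath(base)
    rel = os.path.relpath(os.path.realpath(target), base)
    current = base
    for part in ([] if rel == "." else rel.split(os.sep)):
        # Every directory on the way needs search (x) permission,
        # e.g. 0750 with the web server's group as the directory group.
        if not granted(os.stat(current), uid, gids) & 1:
            return False, f"no search (x) permission on directory {current}"
        current = os.path.join(current, part)
    bits = granted(os.stat(current), uid, gids)
    if not bits & 4:
        return False, f"no read (r) permission on {current}"
    if bits & 2:
        return True, f"readable, but also WRITABLE: {current}"
    return True, f"readable and not writable: {current}"

if __name__ == "__main__":
    # usage: script.py <file> <user>, where <user> is the account the
    # PHP code actually runs as (not necessarily the web server's).
    path, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    # Primary group plus all supplementary groups of that account.
    gids = set(os.getgrouplist(user, pw.pw_gid))
    ok, why = diagnose(path, pw.pw_uid, gids)
    print(("OK: " if ok else "403 likely: ") + why)
    sys.exit(0 if ok else 1)
```
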