Title, using PHP and sqlite3 to build a small application, using Nginx as a reverse proxy server, spawn-fcgi as a fcgi service, the database and PHP and static files are not in the same directory.
Now Nginx and spawn-fcgi both use nobody user work, if the database directory can not read/write, PHP will prompt can not open the database ... (This is probably the error), so you have to set the permissions of the database directory to 777, and the question is, is this really okay?
The online search method is to change the permissions to 777, but I see my rails application within the DB directory permissions are 775, the database file permissions are more stringent, as if 664 ... I checked the web for rails passenger (I deployed with passenger) to work with the owner of the application path, so should I use the creator of the PHP application file to perform the fcgi service?
It would be better if it was unsafe to raise the cause of insecurity.
Reply content:
Title, using PHP and sqlite3 to build a small application, using Nginx as a reverse proxy server, spawn-fcgi as a fcgi service, the database and PHP and static files are not in the same directory.
Now Nginx and spawn-fcgi both use nobody user work, if the database directory can not read/write, PHP will prompt can not open the database ... (This is probably the error), so you have to set the permissions of the database directory to 777, and the question is, is this really okay?
The online search method is to change the permissions to 777, but I see my rails application within the DB directory permissions are 775, the database file permissions are more stringent, as if 664 ... I checked the web for rails passenger (I deployed with passenger) to work with the owner of the application path, so should I use the creator of the PHP application file to perform the fcgi service?
It would be better if it was unsafe to raise the cause of insecurity.
Set the SQLite database file to Nobody all. Permissions of 644 or even 600 are OK.
# chown Nobody:Nobody xxx.sqlite# chmod 600 xxx.sqlite