After setting up LAMP (on Debian) and then looking at /var/www/html's permissions, I was surprised that it is only writeable by root (drwxr-xr-x 1 root root).
Presumably PHP scripts can create files in /var/www/html, but surely a PHP script (or it's interpreter) doesn't run in the name of root? Can anyone help me understand whatever I am misunderstanding?
EDIT:
I installed PHP with apt-get install php5-common libapache2-mod-php5 php5-mysql php5-cli
PHP scripts will run as either:
User directive in your Apache configuration (usually apache or nobody) if you are using mod_phpphp-fpmSo the user a PHP script will execute as will vary. So it's up to you to set the owner and group of /var/www/html (or wherever your DocumentRoot is) accordingly.
Furthermore, you may not wish for your PHP application to be able to write (or overwrite) files in your DocumentRoot at all, as this could allow a visitor to a compromised or insecure PHP web application to gain remote code execution privileges. So it's your responsibility to decide whether or not your PHP application is trustworthy enough to allow it to write to files that Apache can serve over the web or even execute.
PHP will almost never (and should never!) be run as root for similar reasons to those mentioned above.
service apache2 restart as root? sudo service apache2 restart does not cause Apache to be run as the root user. The user that Apache runs as is determined by the User directive in the Apache configs. Centos/RHEL already used root:root for /var/www/html.It's about security issue. apache or nobody was unsecure.Not easy to hack /var/www/html when it set root:root.Debian was late to use root:root on /var/www/html.
