<? LESSON 6 ?>

UNIX, Command Line, File Permissions

UNIX on the Server

PHP is designed to run on UNIX/Linux, Windows and other operating systems. UNIX/Linux is by far the most common configuration and the one we'll use for this class.

Command Line Access

To be able to work with UNIX, and later with MySQL, we'll need to log in and access Zephir via a command line, where we can type in UNIX commands.

Secure Shell (SSH)

To do this, we'll need a 'terminal' program that can log in and open a command line prompt. For Zephir, we'll need a secure terminal program, one that uses Secure Shell (SSH), which means the text we type will not be passed in clear text, as it would be by default without SSH. One such program for Windows is PuTTY.

On a Mac, I understand there is no need, as there is a built-in Secure Shell (SSH) in OS X: SSH on a Mac

Once you have downloaded PuTTY, be sure to set the protocol to SSH. For a host name, we will type in:

zephir.seattlecentral.edu

Once you select SSH (port 22), you will get a screen:

login as:

You would use your UNIX user name (in our case, the same as the login we are using for FTP access to Zephir, what I call horsey01) and press Enter.

You will then be prompted for your password. This will be the last 6 digits of your SID.

Once logged in you can run UNIX commands, set file permissions and work with MySQL.

File Permissions

Since a web server is accessed by the public, it is especially at risk of being hacked. To prevent this, access to files and directories is "locked down" as much as possible, while still giving proper access to the programs and users that need it. The ability to view or change a file depends on the file permissions of both the file and its directory. Sometimes the word 'access' is used as a close synonym for 'file permission'.

Read

To be able to "see" a web page, all a user needs is "read" access. The user is reading the file (retrieving the HTML document) but not changing what is there. A web server can still serve up files and read from a database with no problem as long as read capability exists for the file and the directory.

Write

To be able to change any information however, we need to have "write" capability. To be able to change data in a database or write to a text file, both the file, and directory containing the file need to be configured to have "write" capability.

The number of files set to have "write" capability should be limited, however, since this is dangerous. Only a minimum number of directories should be configured this way, and only the files necessary to be able to read & write should be included inside them.

Execute

For a program to run from the server, a file or directory may need to be set to have "execute" capability. UNIX is aware of running programs, and will disallow access to a program if the execute permissions do not allow access.

Read/Write/Execute (RWX)

The 3 permissions described above make up rwx, read-write-execute, which apply to directories and files, all of which must be set properly for our PHP web applications.

UNIX Permission Values

Permissions in UNIX have been given octal equivalents to facilitate reading and changing them. Permissions on files and directories can be thought of as additive, meaning more than one can apply at a time. Each type of permission has a special "value". When the numbers are added, the type of permissions on a file or folder can be quickly deduced. The values are as follows:

  • Read = 4
  • Write = 2
  • Execute = 1

If a file or directory has read and write permissions applied, the file has a permission of 6. To apply full read/write/execute to a file or directory changes the file permission to 7.

UNIX/Linux Users

In UNIX, there are three levels of users: the person who created or "owns" the file or directory, the "group" they are a part of (if applicable), and "everyone" else.

These 3 designations, "owner", "group" and "everyone" are indicated on every directory and file in the UNIX system. When you look at the file (or directory) from the command line (using the "list" command, "ls") each file or directory has 3 characters indicating the read, write and executable capability of each of these 3 groups. Here is a sample designation of a directory:

drwxr-xr--       4096    Aug 31 22:32    myDirectory

In the above listing, the first character "d" means this is a directory. If something is not applicable, you instead see a dash (-).

The first 3 characters following ("rwx" in this case) indicate the permissions of the owner of the directory. The owner has read, write and execute permission on this directory.

The next 3 characters ("r-x" in this case) indicate the permissions of the group to which the owner belongs. In this case, the group has "read" and "execute" permission on the directory.

The last 3 characters ("r--" in this case) indicate the permissions of everyone else regarding this directory. In this case, everyone else only has "read" permission to this directory.

CHMOD

The UNIX command to change permissions is chmod (change mode).

This command gives full read/write/execute permissions to everyone:

chmod 0777 "filename"

The first 7 shows the owner has RWX, the second shows the group, and the third number indicates everyone else. Always start the number with a zero.
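
The sample listing and the 4/2/1 values above can be combined mechanically. The following is an added example, not part of the original lesson: shell functions (names chosen here for illustration) that turn the mode string printed by ls -l into the zero-prefixed number used with chmod, and report whether "everyone" has write.

```shell
#!/bin/sh
# Added example; the function names are illustrative, not from the lesson.

# triplet_value "r-x" prints 5 (Read = 4, Write = 2, Execute = 1, added up).
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "drwxr-xr--" prints 0754, the form used with chmod.
# Only plain d/-, r, w, x strings are accepted; anything else is an error.
mode_to_octal() {
    case $1 in
        [-d][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "not a 10-character mode string: $1" >&2; return 1 ;;
    esac
    owner=$(printf '%s' "$1" | cut -c2-4)
    group=$(printf '%s' "$1" | cut -c5-7)
    other=$(printf '%s' "$1" | cut -c8-10)
    echo "0$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$other")"
}

# everyone_can_write succeeds when the last group of 3 characters includes w.
everyone_can_write() {
    case $1 in ????????w?) return 0 ;; *) return 1 ;; esac
}

# The directory from the listing above, then a fully open one.
for mode in drwxr-xr-- drwxrwxrwx; do
    if everyone_can_write "$mode"; then note="writable by everyone"; else note="ok"; fi
    echo "$mode $(mode_to_octal "$mode") $note"
done
```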

To list the files and directories along with their permissions (to see that the permissions were changed), you can type:

ls -l

To change directories, to make changes in a different directory, type cd (chdir also works in some shells, such as csh and tcsh):

cd "directoryname"

To exit, type:

exit

You can also set file permissions with a program like WinSCP. There you can right click, and visually change file permissions.

Some FTP programs allow us to change file permissions. In WS_FTP you can right click a file or folder, and select CHMOD, and make the same changes there.

You can hit F7 in WS_FTP to create a folder called rwx, and right click on the folder and change permissions to 0777 (full Read/Write/Execute permissions for all).
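
The lesson says earlier that only a minimum number of directories should have "write" capability. The following added example (not part of the original lesson) lists everything under a directory that "everyone" can write to, so an open folder like rwx stands out; the sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what "everyone" can write to under a web directory.

# world_writable DIR prints one path per line for every file or directory
# under DIR whose "everyone" permissions include write (octal bit 0002).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | LC_ALL=C sort
}

# Constructed sample tree (hypothetical names), built in a temporary
# directory so the example runs without touching a real site.
build_sample_site() {
    site=$(mktemp -d)
    mkdir "$site/pages" "$site/rwx"
    : > "$site/pages/index.php"
    : > "$site/rwx/errors.log"
    chmod 0755 "$site" "$site/pages"
    chmod 0644 "$site/pages/index.php"
    chmod 0777 "$site/rwx"              # the fully open folder from the lesson
    chmod 0666 "$site/rwx/errors.log"   # a log file inside it
    echo "$site"
}

demo=$(build_sample_site)
echo "Writable by everyone under $demo:"
world_writable "$demo"
rm -rf "$demo"
```

What to do with each path it prints depends on which account the web server runs as, which the lesson does not state.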

Flat Files (plain text)

Files can be given 'write' capability, which allows us to make changes to the file as a means of data storage. The flat file (text file) was the original database for web sites. The database actually refers to the information itself, and the software we commonly call a database (Access, MySQL) is really the DBMS (Database Management System).

Flat files are still used today, and work very well for low-use websites or data, especially for error tracking or logging. Flat files are the means used to store server log files, which track errors and users on a website.

Reading/Writing to a File

To test whether we can read and/or write to a file, we have the following example. In this file, we first write to a test file, then attempt to read from it. Once we know we can write to the file, we are sure both the directory and the file are set correctly to have write capability.

writeTest.php View Code

Logging Error Messages

One reason for writing to a file would be to write custom error messages. In a production environment, we do not want to expose PHP or MySQL errors to the user. However, we may want to "trap" these errors so we can troubleshoot our pages. We can "suppress" many PHP errors by placing the "@" symbol in front of a line of code in which we expect an error, or warning. However, when we do that, we no longer directly see the error, and may wish to troubleshoot.

A simple way to trap these errors is to write to a specially set up log file to record error messages as they are created. Later we can set up a system to catch errors and email us, if they are critical, but for now we'll depend upon the developer having a file to view on occasion to see what error messages have been trapped, when they happened, and what page created them.

Below is an example page called "logWriteINC.php" which is intended to write to a log file when the developer anticipates an error in the code. For our example, we will trap a MySQL error message (mimicking what we get with a typo in the MySQL user name or password) and print it to the log file.

A test file was created below to demonstrate how this page works.

logWriteINC.php View Code

View the code for detailed operation of the pages.


© 2002 - 2009 newMANIC INC, All rights reserved