* Thus wrote Jason Morehouse: > Richard Lynch wrote: > >Jason Morehouse wrote: > > > >>Hello. I'm not sure if this is an apache problem or php... but > >>wondering if anyone has come across the same problem. > >> > >>-rw------- 1 root root test.html > >>-rw------- 1 root root test.php > >> > >>Trying to access test.html via a browser servers up the apache 403 error > >>page. The test.php however produces: > >>... > > > >Apache (and the PHP Module within it) run as a specific user. > > > >That user is not (and SHOULD NOT be) 'root' > > ... > > > > I don't need a lesson in file permissions, thanks. Apache runs as > nobody. The problem isn't trying to get apache to display test.php, > it's having it display the proper 403 error page, rather than a php > error when it doesn't have access to a page.
Your Original Post did not state that you knew why the error occured, we can't reminds after all. > > Each page, test.html and test.php have the same permissions. The html > page gives the expected 403 error message when I try and access it > (thats what I want). The other, php script doesn't. This is a security > concern for me as it reveals paths on my system in the event a page has > the wrong permissions. Why does apache not server the 403 on the php > page? Maybe this is better off in the apache list. It is recommended *not* to have 'display_errors=on' for a production server for this very reason. Have the errors go to syslog or something similar. Curt -- Quoth the Raven, "Nevermore." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
