Oct 7

666: the number of the beast

When you use tempnam() to create a file with a unique filename, the documentation states that the file permissions will be set to 0600. What does this mean?

A: Only the current script can write to the file
B: All users of the group to which the Web server system user (typically www-data) belongs can read and write to the file.
C: Only actions on behalf of the Web server system user can read and manipulate the file.
D: 0600 is the highest file permission for read/writable files: everybody/-thing on the system can read or write to the file.

Answer

I suppose this is a no-brainer for those working with UNIX(-like) systems. On those systems permissions are set in a bit-like fashion: they are set at the user, group and other level, and at each level you can mark a file readable, writable and executable. That gives 9 (3*3) possibilities, which can be represented as a 9-bit number or, more commonly, as 3 octal numbers (an octal number takes 3 bits when it is converted to a binary number).

In each of the three octal numbers the bit at position 3 (most significant, or leftmost) stands for readable, the one at position 2 stands for writable and the one at position 1 stands for executable.

In an octal number group the octal number at position 3 (most significant, or leftmost) stands for user, the one at position 2 stands for group and the one at position 1 stands for other.

In the number 0600 the first 0 is the octal indicator (in many computer languages preceding a number with a 0 will make it an octal number). So we'll split it up as follows:

6: binary 110, user can read, can write and can't execute.
0: binary 000, group users can't read, can't write and can't execute.
0: binary 000, others can't read, can't write and can't execute.

So the created file can only be read or written to by the Web server process; therefore answer C is correct.
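The decoding walked through above, as an added PHP example (not code from the original post): it splits a mode into its user, group and other digits, then checks the mode of a file that tempnam() actually created. The helper names `modeToString` and `isOwnerOnly`, the `demo_` prefix and the sample modes are made up for illustration.

```php
<?php
// Added example: decode a permission mode the way the text does, then
// check the file tempnam() really created.

/** Turn the low 9 permission bits into the familiar "rw-------" form. */
function modeToString(int $mode): string
{
    $out = '';
    // Shift 6 = user digit, 3 = group digit, 0 = other digit.
    foreach ([6, 3, 0] as $shift) {
        $digit = ($mode >> $shift) & 07;       // one octal digit = 3 bits
        $out .= ($digit & 04) ? 'r' : '-';     // position 3: readable
        $out .= ($digit & 02) ? 'w' : '-';     // position 2: writable
        $out .= ($digit & 01) ? 'x' : '-';     // position 1: executable
    }
    return $out;
}

/** True when neither group nor other has any permission bit set. */
function isOwnerOnly(int $mode): bool
{
    return ($mode & 0077) === 0;
}

// Constructed sample modes, including the one from the question.
foreach ([0600, 0644, 0666, 0755] as $sample) {
    printf("%04o  %s  owner-only: %s\n", $sample, modeToString($sample),
        isOwnerOnly($sample) ? 'yes' : 'no');
}

// Now a real file: create it with tempnam() and inspect its mode.
$path = tempnam(sys_get_temp_dir(), 'demo_');  // 'demo_' prefix is arbitrary
if ($path === false) {
    fwrite(STDERR, "tempnam() failed\n");
    exit(1);
}
clearstatcache(true, $path);
$mode = fileperms($path) & 0777;               // drop the file-type bits
printf("%s -> %04o (%s)\n", $path, $mode, modeToString($mode));
if (!isOwnerOnly($mode)) {
    // Not what the documentation promises; tighten it before using the file.
    chmod($path, 0600);
}
unlink($path);
```

The `0077` mask in `isOwnerOnly` is the group and other digits together, so the check fails for any mode that grants either of them anything.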

Now this is on UNIX-like systems, but what if you're running Windows? Honestly, I don't know. I suppose something equivalent, but watch out for IIS 7 and up. If you run that thing in integrated Windows authentication mode you're in for some surprises.