I’ve always used Linux for web hosting but have never really understood how permissions work with regards to PHP. PHP files just need read permission (not execute). When a user visits a web page and accessed a PHP file and it is executed can someone please explain how this process works — and why it doesn’t need to be executable?
My hosting company uses suPHP, by the way which I understand has a bearing on the above.
The PHP files themselves are not executed. Instead the PHP executable (or apache php module, or php-fpm in case of NGiNX, etc) is executed, which reads the php file(s), interprets them, and then runs the interpreted code. So the process running PHP only needs to be able to read the files, that’s enough.
Thanks, so when you access a PHP file through HTTP on a web server is it done through a user that has rights to execute the PHP engine instead of the actual file?