The typical webhost sets up their servers so that each website gets a user account to manage it (eg your FTP login). Each user account has a home directory where they can create files. These website files will generally be owned by the user account that uploaded them.

The default permissions on these files usually won't allow other users to write to them for obvious reasons.

On most servers by default, the webserver runs under a different user account. eg on a Debian Linux server, Apache usually runs as the www-data user. Some webhosts though might have installed Apache modules that switch the webserver to run as the owner of the files it is serving up.

Note: To find out what user the webserver is running as, you can use the phpinfo() function. There are various ways of doing this - you can upload your own php file to do so, or that functionality might already be built into tools you already have available like phpmyadmin.

Most documents or people answering forums tend to assume that the webserver is running as a different user account. The explanations get a bit too fiddly and convoluted otherwise. But if your server does run the webserver as your own account, keep that in mind when reading other docs or answers - they might be aimed at the case where it runs as a different user.

How the web server is set up determines which permissions get used to control access to your files. If the webserver runs under your user account, then Unix uses the file owners permissions to provide access to your files. If the webserver runs as a different user, then Unix uses either the 'group' or 'other' permissions to determine access depending on whether or not the webserver account is in the files group or not.

Comments

psy’s picture

psy commented

Try putting phpinfo() into a Drupal Page (that is not linked obviously).

The page needs to have an Input Filter setup that allows php code to be inserted into the Body of the node.

This is useful for checking that ini_set commands in sites/default/settings.php are actually working.

profjk’s picture

profjk commented

Why should I put phpinfo() in a drupal node? Any additional advantages?

I would put it into a php file , say, what.php, run it from the browser and get my settings info.

Thanks in advance.

Fleshgrinder’s picture

Fleshgrinder commented

I would also recommend to create a PHP-file and upload it to the server. Best is to put it into a subfolder like /sites/default directly to your settings.php file. Never link the file from anywhere, so that search engines won't list it (you can additionaly add a noindex meta tag into the header of the file). Don't use your robots.txt file to disallow the crawling of the page, because crackers (hackers) could also take a look at it. Also make sure to chown the file correctly (664), so that noone has write permissions to it, only the permissions to read it. Security is everything!