PHP File Permissions & Security

Intermediate~30 min read

File permissions and security are critical for protecting your application. Learn to manage permissions and validate file paths safely!

<?php
// File Permissions and Security

// Check permissions
$file = 'example.txt';

echo "Readable: " . (is_readable($file) ? 'Yes' : 'No') . "\n";
echo "Writable: " . (is_writable($file) ? 'Yes' : 'No') . "\n";
echo "Executable: " . (is_executable($file) ? 'Yes' : 'No') . "\n";

// Get file permissions (octal)
$perms = fileperms($file);
echo "Permissions: " . substr(sprintf('%o', $perms), -4) . "\n";

// Change permissions
chmod($file, 0644); // rw-r--r--

// Get file owner
$owner = fileowner($file);
echo "Owner ID: $owner\n";

// Change owner (requires root)
// chown($file, 'username');

// Security: Validate file paths
function isPathSafe($path, $baseDir)
{
    $realPath = realpath($path);
    $realBase = realpath($baseDir);

// Check if path is within base directory
    return $realPath !== false &&
        strpos($realPath, $realBase) === 0;
}

// Sanitize filename
function sanitizeFilename($filename)
{
    // Remove directory separators
    $filename = basename($filename);

// Remove special characters
    $filename = preg_replace('/[^a-zA-Z0-9._-]/', '', $filename);

return $filename;
}

$userFile = sanitizeFilename($_GET['file'] ?? 'default.txt');
echo "Safe filename: $userFile\n";

Output

Click Run to execute your code

Check Permissions

<?php
$file = 'example.txt';

echo is_readable($file) ? 'Readable' : 'Not readable';
echo is_writable($file) ? 'Writable' : 'Not writable';
echo is_executable($file) ? 'Executable' : 'Not executable';
?>

Change Permissions

<?php
// chmod(file, permissions)
chmod('file.txt', 0644); // rw-r--r--
chmod('script.sh', 0755); // rwxr-xr-x
?>

Sanitize Filename

<?php
function sanitizeFilename($filename) {
    $filename = basename($filename);
    $filename = preg_replace('/[^a-zA-Z0-9._-]/', '', $filename);
    return $filename;
}

$safe = sanitizeFilename($_GET['file']);
?>

Summary

chmod(): Change permissions
is_readable(): Check read access
basename(): Prevent directory traversal
Validate paths: Always sanitize user input

What's Next?

Congratulations! You've completed Module 9. Next, dive into Database Integration with MySQL!

Previous JSON Files

Next Database Introduction

Check Permissions

Change Permissions

Sanitize Filename

Summary

What's Next?

Enjoying these tutorials?