Where should PHP files be stored?

Hatchmo

I submitted a support ticket to our hosting service when I had difficulty running a PHP script outside of http root. Here is their reply:

We recommend trying to put all or most of your folder configuration within the document root, and to use password protection, or otherwise harden your system permissions in order to make them less publicly accessible.
If you insist on running files and folders outside of your document root, I'm afraid it will be unsupported, as those are completely custom changes, which deviate from the standard scope of support.

Does this make sense? I have always felt that PHP scripts not intended for public use should be executed outside document root.
I'm not talking about include files, but, say, files that are cron jobs.

NogDog

As long as the directory is readable by the web server user which executes your PHP script (note that this is typically not your login account user) and there is no open_basedir restriction in place preventing your script from accessing files from that directory, then it should be possible. The fact that (usually) your PHP web pages are run by that web server user, you'll probably have to give read/execute permission on that directory for all users, and read permission to all users on the actual files.