You never mention that your PHP script needs to read from the file. I seriously doubt this is the case, but if it is, you can make the file writable only.
However, if you do need to let PHP read from it, then you must chmod 666 the file.
I can think of workarounds of course. If you're worried about web users accessing the file, then you could use a wrapper (written in C or something).
Try this C code:
/* START PHPFilePass.c */
#include <stdio.h>
#include <stdlib.h>

#define BUF_SIZE 256

/* Copy the named file to stdout; on failure print a message starting with "**". */
void FilePass(const char *filename) {
    FILE *fp;
    char buf[BUF_SIZE];

    if ((fp = fopen(filename, "r")) != NULL) {
        /* fgets() returns NULL at end of file or on a read error */
        while (fgets(buf, BUF_SIZE, fp))
            fprintf(stdout, "%s", buf);
        fclose(fp);
    } else {
        fprintf(stdout, "** COULD NOT OPEN FILE");
        exit(0);
    }
}

int main(int argc, char **argv) {
    if (argc > 1) {
        /* Use argv[1] directly: strcpy() into a fixed 128-byte buffer
           overflows when the argument is longer than the buffer */
        FilePass(argv[1]);
    } else {
        fprintf(stdout, "** NO ARGUMENT GIVEN");
    }
    return (0);
}
/* END PHPFilePass.c */
To compile this, type in "gcc -o PHPFilePass PHPFilePass.c"
This C code returns a string starting with ** if there is an error. So have PHP check for that.
Put a SUID bit on the file. To do this you would type:
chmod 4755 PHPFilePass
With the SUID bit, this means that anyone who runs this program will be running it as the owner. So when PHP uses it, it will be running like it is logged in as your user account (rather than the nobody account).
Then all you have to do is chmod the file making it readable only to you.
The PHP Code would look like:
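<?php
// Quote the argument so shell metacharacters in $filename are not interpreted
$arg = escapeshellarg($filename);
// Backticks run the wrapper and capture what it prints
$fileInfo = `/path/to/PHPFilePass $arg`;
if ($fileInfo[0] == '*' && $fileInfo[1] == '*') {
    /* An error occurred */
} else {
    /* you're good to go */
}
?>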
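
A more restrictive form of the SUID wrapper above, as an added example that is not part of the original post: it accepts only a bare file name, opens it inside one fixed directory without following symlinks, and gives up the owner's UID before copying the contents. DATA_DIR and the function names are assumptions chosen for illustration.

```c
#define _XOPEN_SOURCE 700 /* for openat(), O_NOFOLLOW, setreuid() */
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed location of the protected files; a placeholder, not from the post. */
#define DATA_DIR "/home/youruser/private-data"

/* Accept only a bare file name: 1-64 chars of [A-Za-z0-9._-], no leading dot. */
int name_is_safe(const char *name) {
    size_t len = strlen(name);
    if (len == 0 || len > 64 || name[0] == '.')
        return 0;
    return strspn(name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "0123456789._-") == len;
}
/* Open name inside dir without following symlinks; -1 unless a regular file. */
int open_in_dir(const char *dir, const char *name) {
    struct stat st;
    int dfd, fd;
    if (!name_is_safe(name))
        return -1;
    if ((dfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW);
    close(dfd);
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv) {
    char buf[4096];
    ssize_t n;
    int fd = (argc == 2) ? open_in_dir(DATA_DIR, argv[1]) : -1;
    /* Give up the owner's UID as soon as the descriptor is open. */
    if (setreuid(getuid(), getuid()) != 0)
        return 1;
    if (fd < 0) /* same "**" error convention as the wrapper above */
        return write(STDOUT_FILENO, "** COULD NOT OPEN FILE", 22) < 0;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        if (write(STDOUT_FILENO, buf, (size_t)n) != n)
            return 1;
    close(fd);
    return n < 0;
}
```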