Unix permissions, read vs. execute (PHP context)

Question

I have a php script which needs to connect to a database. The credentials for the database are stored in another php script.

If I set the permissions for the credent

Answer 1

As far as files are concerned, execute permission is irrelevant to you - the user account your web server is running under needs permission to access and read the files in question. In order to traverse into a directory, the user will also require execute permission on that directory.

If you are trying to make your scripts readable by the web server (let's say you're running as the account "www" which belongs to group "www"), and not by other users on the system, here's what I would do (assumes your account is "myuser"):

# Change owner to "myuser" and group to "www" for file(s) in question
chown myuser:www config.php

# 640: myuser has rw-, www has r--, world has ---
chmod 640 config.php

If you want to prevent the world from reading any file in a "secrets" directory, just disable the execute bit:

# 750: myuser has rwx, www has r-x, world has ---
chmod 750 secrets

If you set all your scripts to have execute permission but not read permission, nobody can do anything useful with them (including the webserver) ;-)

Answer 2

Scripts are read, not executed. Execute permission for scripts tells the loader or kernel to read the shebang line and pass the script to the named interpreter.