I am trying to understand why Apache can still maintain a PHP file after I set the permissions to 000 and give root ownership to the owner.
If I create a PHP file owned by a web server with 644 permissions, it will be served correctly. If I then change the permissions to 000 and change the ownership of root, the file will still be served, but I donโt think it should be!
If I restarted Apache, the file will not be used. I get 500, and the error log grumbles that you cannot open the file, and that is exactly what I expected.
After rebooting, when the file will not be serviced, if I go back to the web server and go back to 644, the file will be downloaded again without having to restart apache.
This behavior applies only to PHP files. HTML files behave as I expected, once you delete permissions, the files will not be served.
I was asked that Apache could support the file descriptor in the PHP file and that it did not see permission changes until it was restarted. I tried using lsof in the file but did not see any open file descriptors.
I also tried and experimented where I started with owning a web server and 644 permissions, and verified that the file could be sent. Then I renamed the file, changed the permissions to 000 and root ownership, and then moved the file back. After that, the file was still served by Apache.
Can anyone shed light on what is happening here?
source share