I'm creating a website that uses php and mysql. I keep all my mysql access data in a ini file called "config.ini". This file needs to be secure so malicious users cannot get access to mysql access data. The problem occors when a php tries to access it as it access it as the user "www-data" which is not a root user is denies the request. If I then allow permission to "www-data" via the this command.
sudo chown -R root:www-data config.ini
sudo chmod -R g+s config.ini
$conf = parse_ini_file('config.ini');
$conn = mysqli_connect($conf["host"], $conf["user"], $conf["password"], $conf["database"]);
sudo chown root:www-data config.ini
sudo chmod 640 config.ini
If you're concerned about malicious access, which of course is a good thing to be concerned about, make sure your
.ini file is not in any directory that your web server is configured to serve from. That is, make absolutely sure this is outside the web-root of your site.
Secondly, you can usually configure your web server to refuse to serve
.ini files. You'll also want to ensure that things like directory indexes are turned off so people can't poke around.