Inspired by the discussion in this question, a maybe stupid question.
We have all been taught that leaving directories or files on Linux-based web hosting with the permission level of
Here's one scenario:
system()call in it to the shell script.
If this directory is 777, that means that anybody (including the user apache, which is what php script will execute as) can execute it! If the execute bit is not set on that directory and presumably the files inside the directory, then step 3 above would do nothing.
edit from the comments: it's not the PHP file's permissions that matter, it's the
system() call inside the PHP file that will be executed as a linux system call by the linux user apache (or whatever you have apache set to run as), and that is PRECISELY where the execution bit matters.