Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Apache Security File Permissions

0
0

I'm trying to figure out what is the best file permissions/user/groups for files under my document root?

I have the following file structure

/home/user/public_html/

under public_html are all of my php files and directories.

I have one directory /home/user/public_html/files/ where people upload images to that directory.

What is the most secure way to distribute file permissions/groups/user so that apache can properly display the php files and directories?

Should I make public_html owned by apache? What group should I use for public_html ?

thanks!

My Favourite mix of permissions for apache is to give it ownership of apache:apache, all folders chmod to 550 or 555, and all files chmod to 440/444. I suggest the following:

/home/user/public_html/ owned by apache:apache with permissions 555 (read/x by everyone) /home/user/public_html/files/ owned by apache:apache with 775 (read/write/x by root/apache, read/x by all)


Viewing all articles
Browse latest Browse all 12749