------ Original Message ------
From: "Chuck Anderson" <[email protected]>
To: [email protected]
Sent: 9/29/2013 2:15:21 PM
Subject: Re: [Discuss] file permission exucute questions
On Sun, Sep 29, 2013 at 04:27:41PM +0000, Edward Ned Harvey (blu) wrote:
 > From: [email protected] [mailto:discuss-
 > [email protected]] On Behalf Of Eric Chadbourne
 >
> Got a basic question for you. On web servers I usually set files to 644
 > (-rw-r--r--). A designer I'm working with keeps leaving files
 > (-rw-r--r-x) with the last being execute. Is this bad? Why?

Generally speaking, you're both doing something wrong. Generally speaking, files on a web server should be 640 (rw-r-----) Where the file owner is an actual user, strongly secured, complex password or no password (ssh keys only). Set the group to something that apache httpd is part of, and also the user is part of.

 Set the group sticky bit on the parent directory and recursively.
 sudo chmod -R g+s /var/www/whateverdir

This way, all new files created will belong to the group of the parent directory, rather than the default group of the user account.

You probably want to do that for directories only, not files, since
you might end up inadvertently giving setgid elevated privileges to
any scripts/programs under the web root:

chgrp -R apache /var/www/whaeverdir
find /var/www/whaeverdir -type d -exec chmod g+s {} \;


Most excellent advice.  Gives me plenty to research.

Thanks

--
Eric Chadbourne
http://theMnemeProject.org/

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss

Reply via email to