> I have just installed Apache 2.2 on an Ubuntu 7.04 server (no gui,
> command line only). I would like advice or a pointer to a guide for
> best practice on setting permissions on the files and directories in and
> below webroot. What user and group is suggested and what permissions?

Apache has two settings; User and Group, which define the UID and GID that the
child processes of httpd run as.

In order for these processes to serve content, the UID/GID needs to have
TRAVERSE (+x) on directories leading up to (and into) the DocumentRoot, and
READ (+r) permissions on the DocumentRoot and subsequent directories.

Common sense suggests that you _don't_ use the same UID/GID for file/directory
ownership as httpd runs as, since then httpd can't WRITE to those
directories.

For a server with only one main user (ie: you're running a personal website on
a server only you login to) I'd do a "chown -R <Your UID>:<Your GID>" so that
you can maintain the content without being root.

As for permissions, I'd make all directories mode 755, and all files mode 744,
so you don't inadvertently make scripts executable.

# find <DocumentRoot> -type f -exec chmod 744 {} \;
# find <DocumentRoot> -type d -exec chmod 755 {} \;

Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Trusted Information Management
Trusted Solutions and Services Group
GPG Key: http://keyserver.veridis.com:11371/search?q=0x455420ED
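
The following is an added example, not part of the original message: a POSIX shell audit that checks a DocumentRoot against the layout described in the reply above (content not owned by the httpd user, nothing group- or world-writable, read and traverse available to httpd). The function names audit_tree and audit_parents are hypothetical, and the script assumes httpd reaches the content through the "other" permission bits.

```shell
#!/bin/sh
# Added example: audit a DocumentRoot against the layout described above.
# Assumption: httpd reaches the content through the "other" permission bits,
# i.e. its UID does not own the files and is not in their group.

# audit_tree DOCROOT HTTPD_USER   (HTTPD_USER is a user name or numeric UID)
# Prints one "FINDING path" line per problem inside the tree.
audit_tree() {
    root=$1 user=$2
    # Content owned by the httpd user can be rewritten by a compromised child.
    find "$root" -user "$user" -exec echo OWNED_BY_HTTPD {} \;
    # Group- or world-writable entries (anything looser than 755/744).
    find "$root" \( -perm -020 -o -perm -002 \) ! -type l \
        -exec echo LOOSE_WRITE {} \;
    # Directories need read + traverse for httpd, files need read.
    find "$root" -type d ! -perm -005 -exec echo DIR_NOT_SERVABLE {} \;
    find "$root" -type f ! -perm -004 -exec echo FILE_NOT_READABLE {} \;
}

# audit_parents DOCROOT
# Walks from DOCROOT's parent up to / and reports every directory on the
# way that httpd cannot traverse (missing +x for "other").
audit_parents() {
    dir=$(cd "$1/.." && pwd -P) || return 1
    while :; do
        find "$dir" -prune ! -perm -001 -exec echo NO_TRAVERSE {} \;
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
}
```

Typical use is `audit_tree /var/www www-data; audit_parents /var/www`, where both the path and the user name are placeholders for your own values; no output means no findings.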
