On 12/5/2016 4:17 PM, Tim wrote:
Generally speaking, files to be served from /var/www/html are served as
files owned by the author, with world-readable permissions (Apache reads
files as "other" users).
example.html -rw----r--
rw- Owner readable and writable, for you to work with your files.
--- Group user permissions are generally ignored.
r-- Other user's readable permissions pertinent to Apache's access.
(Files can have execute bits set, and Apache treats them specially,
allowing it to parse the file and insert variables, follow instructions
in the HTML, etc.)
Directories are similar, with the exception that you also need to add
the executable bit to the other permissions.
example/ drwx---r-x
rwx Owner readable, writable, executable for *you* to work with your files.
--- Group user permissions are generally ignored.
r-x Other user's readable and directory-accessible permissions pertinent to Apache's access.
This is insecure. If I have a local account I can copy all your code. Or
look up your database id and password.
A better solution is (assuming your id=gour):
find /var/www/html -type d -exec chmod 2750 {} \;
find /var/www/html -type f -exec chmod 640 {} \;
chown -R gour:apache /var/www/html/*
Now you can edit, apache can read-only, and the world gets nothing.
All new files/folders get apache as the group id since you're using the
group sticky bit. Create new folders with permissions 2750; new files
with 640.
Bill
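
Added example, not part of the original message: a small audit that lists every path under a document root that departs from the 2750/640 scheme described in the reply above. The function names (audit_docroot, count_findings, apply_scheme) and the ROOT/GROUP arguments are hypothetical; pass the web server's group (apache in the reply) as GROUP.

```shell
#!/bin/sh
# Added example: audit a docroot against the 2750 (dirs) / 640 (files) scheme.
# Function names and arguments are assumptions made for this example.

# audit_docroot ROOT GROUP
# Prints one line per path under ROOT that breaks the scheme.
audit_docroot() {
    root=$1 group=$2
    # Any read/write/execute bit for "other" gives every local account access.
    find "$root" \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'other-access  %s\n' {} \;
    # The group must be the web server's group, or Apache cannot read the file.
    find "$root" ! -group "$group" -exec printf 'wrong-group   %s\n' {} \;
    # Without setgid on a directory, new entries take the creator's own group.
    find "$root" -type d ! -perm -2000 -exec printf 'no-setgid     %s\n' {} \;
    # Group-writable content could be changed by the web server process.
    find "$root" -perm -020 -exec printf 'group-write   %s\n' {} \;
}

# count_findings ROOT GROUP: number of lines audit_docroot reports.
count_findings() {
    audit_docroot "$1" "$2" | wc -l | tr -d ' '
}

# apply_scheme ROOT: the two chmod passes from the reply. Ownership is not
# touched here, since chown to another group normally needs root.
apply_scheme() {
    find "$1" -type d -exec chmod 2750 {} \;
    find "$1" -type f -exec chmod 640 {} \;
}
```

Run audit_docroot /var/www/html apache after the chmod/chown steps; no output means every path matches the scheme.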