[Discuss] file permission exucute questions
Chuck Anderson
cra at WPI.EDU
Sun Sep 29 14:15:21 EDT 2013
On Sun, Sep 29, 2013 at 04:27:41PM +0000, Edward Ned Harvey (blu) wrote:
> > From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> > bounces+blu=nedharvey.com at blu.org] On Behalf Of Eric Chadbourne
> >
> > Got a basic question for you. On web servers I usually set files to 644
> > (-rw-r--r--). A designer I'm working with keeps leaving files
> > (-rw-r--r-x) with the last being execute. Is this bad? Why?
>
> Generally speaking, you're both doing something wrong. Generally speaking, files on a web server should be 640 (rw-r-----)
> Where the file owner is an actual user, strongly secured, complex password or no password (ssh keys only).
> Set the group to something that apache httpd is part of, and also the user is part of.
>
> Set the group sticky bit on the parent directory and recursively.
> sudo chmod -R g+s /var/www/whateverdir
>
> This way, all new files created will belong to the group of the parent directory, rather than the default group of the user account.
You probably want to do that for directories only, not files, since
you might end up inadvertently giving setgid elevated privileges to
any scripts/programs under the web root:
chgrp -R apache /var/www/whaeverdir
find /var/www/whaeverdir -type d -exec chmod g+s {} \;
More information about the Discuss
mailing list