Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
------ Original Message ------ From: "Chuck Anderson" <cra at wpi.edu> To: discuss at blu.org Sent: 9/29/2013 2:15:21 PM Subject: Re: [Discuss] file permission exucute questions >On Sun, Sep 29, 2013 at 04:27:41PM +0000, Edward Ned Harvey (blu) >wrote: >> > From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss- >> > bounces+blu=nedharvey.com at blu.org] On Behalf Of Eric Chadbourne >> > >> > Got a basic question for you. On web servers I usually set files to >>644 >> > (-rw-r--r--). A designer I'm working with keeps leaving files >> > (-rw-r--r-x) with the last being execute. Is this bad? Why? >> >> Generally speaking, you're both doing something wrong. Generally >>speaking, files on a web server should be 640 (rw-r-----) >> Where the file owner is an actual user, strongly secured, complex >>password or no password (ssh keys only). >> Set the group to something that apache httpd is part of, and also the >>user is part of. >> >> Set the group sticky bit on the parent directory and recursively. >> sudo chmod -R g+s /var/www/whateverdir >> >> This way, all new files created will belong to the group of the >>parent directory, rather than the default group of the user account. > >You probably want to do that for directories only, not files, since >you might end up inadvertently giving setgid elevated privileges to >any scripts/programs under the web root: > >chgrp -R apache /var/www/whaeverdir >find /var/www/whaeverdir -type d -exec chmod g+s {} \; > Most excellent advice. Gives me plenty to research. Thanks -- Eric Chadbourne http://theMnemeProject.org/
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |