File Permissions
From Campus Web Server Help
There are many who would pervert the intended use of your site. Some would like to deface your site. Others would leech server resources subtly to serve up weight loss or drug ads. You must secure your site by using appropriate file permissions.
Files in your directories should be owned by you and no other user. Let us know if you find some owned by other users in your folder. This may be an indication of malicious activity, especially if the files are newer than 10/17/2011.
Static files such as stylesheets, HTML, javascript, images and movies are usually accessed directly by the Apache web service. These must be readable by everyone (aka "other" user). Scripts and files accessed only via scripts need not be accessible by anyone but your user.
If logged in with SSH, these permissions can be changed with the chmod command. For more information about chmod, run man chmod from the command-line.
Recommended Permissions
Files
| File Type | Octal Notation | Symbolic Notation |
|---|---|---|
| static content (images, stylesheets, HTML, javascript, etc) served directly by the web server | 644 | rw-r--r-- |
| PHP and PHP-included code | 600 | rw------- |
| perl and other standard CGI scripts | 700 | rwx------ |
| files that should be readable by PHP or CGI | 400 | r-------- |
| files that should be writable by PHP or CGI | 200 | -w------- |
| files that should be readable AND writable by PHP or CGI | 600 | rw------- |
| /usr/www/$environment/$username/wrappers/php-cgi (runs as site owner's username) | 700 | rw------- |
Directories
| Directory Type | Octal Notation | Symbolic Notation |
|---|---|---|
| contains only files accessed by scripts | 700 | drwx------ |
| contains static content, such as stylesheets, HTML, images, or javascript, specifically requested PHP and CGI scripts | 711 | drwx--x--x |
| /usr/www/$environment/$username/wrappers (before su to user, it tries to access the php-cgi script as the apache user) | 711 | drwx--x--x |
