Created December 31, 2013 07:43
This is the most restrictive and safest way I've found, explained here for a hypothetical ~/my/web/root/ directory holding your web content:

For each parent directory leading to your web root (e.g. ~/my, ~/my/web, ~/my/web/root):
    chmod go-rwx DIR (nobody other than owner can access content)
    chmod go+x DIR (to allow "users" including _www to "enter" the dir)

Then, for the web root itself:
    sudo chgrp -R _www ~/my/web/root (all web content is now group _www)
    chmod -R go-rwx ~/my/web/root (nobody other than owner can access web content)
    chmod -R g+rx ~/my/web/root (all web content is now readable/executable/enterable by _www)

All other solutions leave files open to other local users (who are part of the "staff" group as well as obviously being in the "o"/others group). These users may then freely browse and access DB configurations, source code, or other sensitive details in your web config files and scripts if such are part of your content. If this is not an issue for you, then by all means go with one of the simpler solutions.
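
To check that a tree still matches this scheme after files are added or a deploy resets modes, the audit below can be run against it. It is an added example, not part of the original gist; the function names audit_lines and audit_webroot are hypothetical, and the group is a parameter that defaults to _www.

```sh
#!/bin/sh
# Added example: audit a web root against the scheme described above.
# audit_lines / audit_webroot are hypothetical helper names.
#   TOP   first directory of the chain, e.g. ~/my
#   ROOT  web root, e.g. ~/my/web/root
#   GROUP web server group (name or numeric gid), default _www

# Print one line per path that deviates from the scheme.
audit_lines() {
    top=$1 root=$2 group=${3:-_www}

    # Parents above the web root: group and others get x (traverse) only.
    dir=$(dirname "$root")
    while :; do
        find "$dir" -prune \( -perm -040 -o -perm -020 -o -perm -004 \
            -o -perm -002 -o ! -perm -010 -o ! -perm -001 \) -print |
            sed 's|^|parent is not go=x: |'
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done

    # Web content: no bits for others, owned by GROUP, readable by GROUP.
    find "$root" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's|^|accessible to others: |'
    find "$root" ! -group "$group" -print | sed "s|^|group is not $group: |"
    find "$root" ! -perm -040 -print | sed 's|^|not readable by group: |'
}

# Return 0 when the tree matches the scheme, 1 (with a report) otherwise.
audit_webroot() {
    report=$(audit_lines "$@")
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Example: audit_webroot ~/my ~/my/web/root
```

A non-empty report lists each offending path with the reason, so a file that a later copy or editor save left world-readable shows up as "accessible to others".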