> I have just installed Apache 2.2 on an Ubuntu 7.04 server (no gui,
> command line only).  I would like advice or a pointer to a guide for
> best practice on setting permissions on the files and directories in and
> below webroot.  What user and group is suggested and what permissions?

Apache has two settings; User and Group, which define the UID and GID that the 
child processes of httpd run as.

I order for these processes to serve content, the UID/GID needs to have 
TRAVERSE (+x) on directories leading up to (and into) the DocumentRoot, and 
READ (+r) permissions on the DocumentRoot and subsequent directories.

Common sense suggests that you _don't_ use the same UID/UID for file/directory 
ownership as httpd runs as, since then httpd can't WRITE to those 

For a server with only one main user (ie: you're running a personal website on 
a server only you login to) I'd do a "chown -R <Your UID>:<Your GID>" so that 
you can maintain the content without being root.
As for permissions, I'd make all directories mode 755, and all files mode 744, 
so you don't inadvertently make scripts executable.

# find <DocumentRoot> -type -f -exec chmod 744 {} \;
# find <DocumentRoot> -type -d -exec chmod 755 {} \;


Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Trusted Information Management
Trusted Solutions and Services Group
GPG Key: http://keyserver.veridis.com:11371/search?q=0x455420ED

Attachment: pgpeftyHW1XXp.pgp
Description: PGP signature

Reply via email to