On 12 March 2013 15:21, Matthew Byng-Maddick
<mbm@colondot.net> wrote:
The permissions you *actually* want for a web root are:
drwxr-xr-x root root
This is because the owner is allowed to change the permissions, so you
don't want your webserver to be able to write to its own serving
directory, and you need it to be able to search and actually chdir() into
that directory.
I'm glad someone else noticed that - it's a REALLY bad idea to have anything inside the docroot writeable by the webserver, it makes it much easier for you to cause Andy to send another security incident to the list. Use Matthew's suggestion above, I've occasionally gone a step further and use rwxr-x--- root:webserver.
--
Robert Gauld
http://www.robertgauld.co.uk