[nycphp-talk] Php file owner, group and permissions
Michael Hernandez
sequethin at gmail.com
Tue Oct 16 13:36:45 EDT 2007
On Oct 16, 2007, at 1:26 PM, Cliff Hirsch wrote:
> For the php, html, css, image, & javascript files in a web
> application, who should be the owner and group? (assume a dedicated
> server).
>
> Should the owner be a user, Apache, a username that is specific to
> the application? Should the group be apache?
>
> What is the best permission level? 644, 640?
>
> Thanks,
> Cliff
I'd say it really depends (you must have seen that one coming haha).
If your web application needs to write to files then those files need
to be writable to someone, and it's better imho to be writable by a
specific user than "the world". In that case having the files owned
by the user that php will run as is usually safe. Alternatively you
can use group writable permissions. If you don't have to write to the
file system the owner of the files is not so important so long as the
files that you want the world to read are world readable.
My .02
--Mike H
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20071016/ca9af221/attachment.html>
More information about the talk
mailing list