On Sat, Jan 25, 2014 at 7:33 AM, Joseph Hesse <joehesse at gmail.com> wrote: > I am running a Lamp server on a CentOS 6.5 box. It works fine, I am > concerned that I may have the wrong file/dir permissions. > > The directories /var and /var/www are root:root and 755. > > For /var/www/html and all directories underneath I have apache:apache > and 770. > > For all files under /var/www/html I have apache:apache and 660. > > Are these these permissions OK? > > Thank you, > Joe > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > the problem with your /var/www/html permissions is the user/group "apache" can write to directories and files. which can be used by anyone on the internet(bad guys) to use potentially exploitable dynamic pages(.php/.cgi/etc) to add/modify files on your server. this is a bad thing. SELinux may offer some protections. i would: chmod -R g-w /var/www/html chown -R somewebuser /var/www/html (replace somewebuser with the unix user account to modify the website.) http://wiki.apache.org/httpd/FileSystemPermissions