[CentOS] Permissions for LAMP

Sat Jan 25 13:32:19 UTC 2014
Steven Tardy <sjt5atra at gmail.com>

On Sat, Jan 25, 2014 at 7:33 AM, Joseph Hesse <joehesse at gmail.com> wrote:

> I am running a LAMP server on a CentOS 6.5 box. It works fine, but I am
> concerned that I may have the wrong file/dir permissions.
>
> The directories /var and /var/www are root:root and 755.
>
> For /var/www/html and all directories underneath I have apache:apache
> and 770.
>
> For all files under /var/www/html I have apache:apache and 660.
>
> Are these permissions OK?
>
> Thank you,
> Joe

The problem with your /var/www/html permissions is that the user/group
"apache" can write to directories and files, which can be used by anyone on
the internet (bad guys) to use potentially exploitable dynamic pages
(.php/.cgi/etc.) to add/modify files on your server. This is a bad
thing. SELinux may offer some protections.
I would:
  chmod -R g-w /var/www/html
  chown -R somewebuser /var/www/html
(Replace somewebuser with the Unix user account used to modify the website.)

  http://wiki.apache.org/httpd/FileSystemPermissions
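
An added example, not part of the original message: a small audit that lists what the web server account can still modify under a document root, so the effect of the chmod/chown above can be checked before and after. The function names and the sample tree are constructed for illustration; only mode bits and ownership are examined, not ACLs or SELinux.

```shell
#!/bin/sh
# Added example (not from the original thread): list what the web server
# account can modify under a document root, by mode bits and ownership.

# find_web_writable DOCROOT WEBUSER WEBGROUP
# Prints every file/directory WEBUSER could write to: owned by WEBUSER with
# u+w, group WEBGROUP with g+w, or world-writable. Symlinks are skipped.
find_web_writable() {
    find "$1" \( -type f -o -type d \) \( \
        \( -user "$2" -perm -0200 \) -o \
        \( -group "$3" -perm -0020 \) -o \
        -perm -0002 \
    \) -print
}

# make_sample_tree DIR
# Constructed sample: the layout from the question (dirs 770, files 660).
make_sample_tree() {
    mkdir -p "$1/html/uploads"
    : > "$1/html/index.php"
    : > "$1/html/uploads/note.txt"
    find "$1/html" -type d -exec chmod 770 {} +
    find "$1/html" -type f -exec chmod 660 {} +
}

# Audit a real tree when called with three arguments, e.g.:
#   sh audit.sh /var/www/html apache apache
if [ "$#" -eq 3 ]; then
    find_web_writable "$1" "$2" "$3"
fi
```

An empty result after the change means the server account has no write access through ownership, group or world bits; any path still printed (an upload directory, for instance) is one to review individually.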