On Oct 16, 2007, at 1:26 PM, Cliff Hirsch wrote:
For the php, html, css, image, & javascript files in a web
application, who should be the owner and group? (assume a dedicated
server).
Should the owner be a user, Apache, a username that is specific to
the application? Should the group be apache?
What is the best permission level? 644, 640?
Thanks,
Cliff
I'd say it really depends (you must have seen that one coming haha).
If your web application needs to write to files then those files need
to be writable to someone, and it's better imho to be writable by a
specific user than "the world". In that case having the files owned
by the user that php will run as is usually safe. Alternatively you
can use group writable permissions. If you don't have to write to the
file system the owner of the files is not so important so long as the
files that you want the world to read are world readable.
My .02
--Mike H
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
