[Discuss] file permission exucute questions

Edward Ned Harvey (blu) blu at nedharvey.com
Sun Sep 29 12:27:41 EDT 2013


> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Eric Chadbourne
> 
> Got a basic question for you.  On web servers I usually set files to 644
> (-rw-r--r--).  A designer I'm working with keeps leaving files
> (-rw-r--r-x) with the last being execute.  Is this bad?  Why?

Generally speaking, you're both doing something wrong.  Generally speaking, files on a web server should be 640 (rw-r-----)
Where the file owner is an actual user, strongly secured, complex password or no password (ssh keys only).
Set the group to something that apache httpd is part of, and also the user is part of.

Set the group sticky bit on the parent directory and recursively.
sudo chmod -R g+s /var/www/whateverdir

This way, all new files created will belong to the group of the parent directory, rather than the default group of the user account.



More information about the Discuss mailing list