Web-Server directory permissions

Posted by MLS on Server Fault See other posts from Server Fault or by MLS
Published on 2010-05-17T16:41:48Z Indexed on 2010/05/17 16:51 UTC
Read the original article Hit count: 180

Filed under:
|
|
|

Hello All,

I would like some help understanding web-server directory permissions. Apache, CentOS, PHP, Mysql

Example, I have multiple sites in /var/www/html They are in paths like: /var/www/html/www_domainname_com

inside each site I might have a path like /lib/mysql/ like PHP connect stuff, database config, etc.

What should me permissions be so that someone cannot just browse to that directory? Should I just .htaccess them?

I have apache:apache as the owner of all my web directories.

Can I prevent someone from crawling certain directories of my web-server? I have a robots.txt, but what is to say the crawler obeys it?

So to sum up: 1. What is the best owner/permission set for my sensitive files that the web-server or php or mysql needs, but I dont want people browsing to?

  1. Can I prevent straight out crawling of portions?

© Server Fault or respective owner

Related posts about apache

Related posts about php