Web-Server directory permissions
Posted
by MLS
on Server Fault
See other posts from Server Fault
or by MLS
Published on 2010-05-17T16:41:48Z
Indexed on
2010/05/17
16:51 UTC
Read the original article
Hit count: 180
Hello All,
I would like some help understanding web-server directory permissions. Apache, CentOS, PHP, Mysql
Example, I have multiple sites in /var/www/html They are in paths like: /var/www/html/www_domainname_com
inside each site I might have a path like /lib/mysql/ like PHP connect stuff, database config, etc.
What should me permissions be so that someone cannot just browse to that directory? Should I just .htaccess them?
I have apache:apache as the owner of all my web directories.
Can I prevent someone from crawling certain directories of my web-server? I have a robots.txt, but what is to say the crawler obeys it?
So to sum up: 1. What is the best owner/permission set for my sensitive files that the web-server or php or mysql needs, but I dont want people browsing to?
- Can I prevent straight out crawling of portions?
© Server Fault or respective owner