Struggling with proper way to setup Permissions on Linux/Apache Web Server
Posted by Dr. DOT on Server Fault
Published on 2011-02-11T14:40:43Z
Indexed on 2011/02/11 15:27 UTC
Your expert experience and assistance are greatly appreciated here.
I have been running a LAMP server for a long time, yet I still struggle with the best way to set file & directory permissions for FTP and WWW protocol activity.
My control panel is WHM/cPanel (not that it makes a difference), and out of the box:
- files are owned by the user account set up in WHM (e.g., "abc")
- files have a group setting of "abc" as well
- file permissions are created with 644
- directories are owned by "abc"
- directories have a group setting of "abc"
- directory permissions are created with 0755
Again, these are the default permission settings.
Now everything is fine with FTP activity, but please advise me if any of these file/directory settings create issues, especially with security.
Here's where my struggle comes into play. I have PHP apps that allow a visitor to create, edit, rename, delete, etc. sub-directories and files in certain selected directories. PHP runs as "nobody" on my server.
So in order to get my PHP/Web apps to work, I have had to:
chown nobody *
chgrp nobody *
chmod 0777 *
to everything in these certain & selected sub-directories.
I know this is probably a huge security hole (so don't ask me for any links :) but how should I set all the permissions to allow my FTP user to do his thing while allowing the PHP apps to do their thing while also "minimizing" any security risks and exposures? I know that big CMS systems like Drupal, Joomla, WordPress and so on handle this.
Thanks ahead of time for reading through this and offering your expert advice!
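A read-only check for the state the post describes, as an added example that is not part of the original post: it lists world-writable paths, paths that differ from the 644/0755 defaults, and paths owned by a given user such as the PHP user. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): read-only permission audit.

# Print paths under DIR that any local account can write to (o+w set).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print paths that differ from the defaults the post lists:
# regular files 0644, directories 0755.
list_off_default() {
    {
        find "$1" -type f ! -perm 0644 -print
        find "$1" -type d ! -perm 0755 -print
    } | sort
}

# Print paths owned by USER (a name or numeric uid), e.g. the PHP user.
list_owned_by() {
    find "$1" -user "$2" -print | sort
}

# Build a constructed sample tree mirroring the post: default modes plus
# one directory opened up with chmod 0777. Prints the tree's root path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/uploads"
    echo '<?php' > "$root/site/index.php"
    echo 'data'  > "$root/site/uploads/note.txt"
    chmod 0755 "$root/site"
    chmod 0644 "$root/site/index.php"
    chmod 0777 "$root/site/uploads" "$root/site/uploads/note.txt"
    echo "$root/site"
}

# Usage: sh audit.sh /path/to/docroot [php-user]
if [ "$#" -gt 0 ]; then
    echo "== world-writable ==";        list_world_writable "$1"
    echo "== not 0644/0755 ==";         list_off_default "$1"
    echo "== owned by ${2:-nobody} =="; list_owned_by "$1" "${2:-nobody}"
fi
```

On the sample tree only `uploads` and `uploads/note.txt` are reported; the first two lists are empty once those two paths are back at 0755 and 0644.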