Apache file access security

I'm trying to figure out what is the best file / user / groups permission for files under my document root?

I have the following file structure



under public_html

- all my php files and directories.

I have one directory /home/user/public_html/files/

where people upload images to this directory.

What is the most secure way to distribute the file permissions / groups / users so that apache can display php files and directories correctly?

Should I make public_html

apache owned? Which group should you use for public_html




source to share

2 answers

My favorite combination of permissions for apache is to give it ownership of apache: apache, all chmod folders up to 550 or 555, and all chmod files up to 440/444. I suggest the following:


owned by apache: apache with 555 permissions (read / x all) /home/user/public_html/files/

owned by apache: apache with 775 (read / write / x with root / apache, read / x for everyone)



First you need to find which user is running the https / apache2 server

ps -aux | grep apache2 


Apache or www-data appears most often p>

We need to install this user

chown -R www-data:www-data /var/www/html


Then the file resolution should be 644 and the folder 755

we can do it using find command

find /var/www/html -type f -not -perm 644 -exec chmod 644 {} \;

find /var/www/html -type d -not -perm 755 -exec chmod 755 {} \;




All Articles