I would like some help understanding web-server directory permissions. Apache, CentOS, PHP, Mysql
Example, I have multiple sites in /var/www/html
They are in paths like: /var/www/html/www_domainname_cominside each site I might have a path like /lib/mysql/ like PHP connect stuff, database config, etc.
What should me permissions be so that someone cannot just browse to that directory? Should I just .htaccess them?
I have apache:apache as the owner of all my web directories.
Can I prevent someone from crawling certain directories of my web-server? I have a robots.txt, but what is to say the crawler obeys it?
So to sum up:
1. What is the best owner/permission set for my sensitive files that the web-server or php or mysql needs, but I dont want people browsing to?
- Can I prevent straight out crawling of portions?
Answer
Yes.
What you want to do is impose an open_basedir directive for each site. You specify a directory and therefore no PHP script will be able to crawl out of that directory.
This means that you need a specific directive per website so either you set the aforementioned directive via a .htaccess or via a per-site php.ini.
To implement the last option, you will need suPHP or something similar.
Attribution
Source : Link , Question Author : Community , Answer Author : Antoine Benkemoun
