On Thu, 2007-05-24 at 19:57 -0500, Scott Berry wrote: > One other question does the /var/www/html folder have to be world > readable or what permissions are best? Standard permissions are user, group, and other. Anybody connecting to your website is highly unlikely to be a local user. Typically, they're an other person, so that's the traditional way to configure things for web serving: Making files readable for the other user, and making directories readable and executable for the other user. Parent directories have to be executable for the other user. The /var/www/html directory path is already set with the standard permissions. User permissions apply to the author/maintainer of the site. Group permissions are usually ignored, unless you're doing group projects and making use of them for authoring purposes. Additionally, keep the files and directories in there owned by someone other than Apache. You want other people to be able to read them, you don't want others to be able to write them. Apache will try and use the files as the apache user, since it doesn't actually own the files (and shouldn't), the other user permissions will be applied. Some example minimum permissions: rwx-----x root root /var/ rwx---r-x root root /var/www/ rwx---r-x root root /var/www/html/ rwx---r-- tim root /var/www/html/homepage.html rwx---r-x tim root /var/www/html/images/ rwx---r-- tim root /var/www/html/images/picture.jpeg -- (This box runs FC5, my others run FC4 & FC6, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
