Folder users / permissions

#1
Good day all,

On centos 6 I installed some CMS. For some specific actions, it looks like "apache" or "nobody" permissions are required. How do you set them up properly ? I get ride of my 0777 but is there some tutorials or best practices to follow ? Should I make use of lsadm ?

Here is my current settings:

My group now looks like (summary from /etc/group):
Code:
wheel:x:10:peter
nobody:x:99:lsadm,peter
peter:x:500:
mysql:x:499:
lsadm:x:498:lsadm
apache:x:501:peter,nobody
My main repositories now look like (summary)
Code:
drwxr-xr-x  3 peter apache 4096  2月 15 01:21 2015 cgi-bin
drwxrwxr-x 16 peter apache 4096  2月 18 00:02 2015 html
The files I'm manipulating inside html (upload, publish, etc... ) become
Code:
-rw-rw-rw-  1 nobody  nobody foo.jpg
-rw-rw-rw-  1 nobody  nobody hoge.html
-rw-rw-rw-  1 peter apache bar.php
Thank you for your help / feedback
 
#3
Hmm, I've been meaning to ask the same question. Mine would be set up like this, assuming a default path:
Code:
peter:peter /usr/local/lsws/domain.com
lsadm:lsadm /usr/local/lsws/domain.com/conf
root:root /usr/local/lsws/domain.com/logs
peter:nobody /usr/local/lsws/domain.com/html
peter:peter /usr/local/lsws/domain.com/html/* (everything in html folder)
"peter" would be my sftp user. Folders are 755 and files are 644. Any suggestions on this setup? I might try turning them to 700 and 600 respectively according to that guide. I'm not sure if I have the correct user owning the listed directories though... Well at least I know the conf directory is correct!
 
#4
@Pong Thank you. Habits with apache and www-data like are not good. Switching everything to nobody works perfectly actually.

@Fearless I'm not sure too. Basically when I upload, publish or modify something I tested nothing is executable and nobody outside nobody group can touch
 
Top