此外,我会在 web 根 sudo find 中的所有文件夹上设置 SETGID 位。 -type d -exec chmod g+s {} \;
Set the ownership and group of those two directories to the relevant user, and limit permissions to the owner/group of the directory (basically, remove rwx from others on their directories).
This will need further configuration in the Apache virtualhost to specify which 'user' Apache should read the relevant document root as of : mod_suexec » suexecusergroup
You probably should set your server umask to 007 to maintain this restriction on all new files/folders.
Additionally, I'd set the SETGID bit on all folders in your web-root sudo find . -type d -exec chmod g+s {} \;
发布评论
评论(1)
将这两个目录的所有权和组设置为相关用户,并将权限限制为目录的所有者/组(基本上,从其他人的目录中删除 rwx)。
这需要在 Apache 虚拟主机中进行进一步配置,以指定哪个“用户”Apache 应读取相关文档根目录: mod_suexec » suexecusergroup
您可能应该将服务器 umask 设置为 007,以保持对所有新文件/文件夹的此限制。
此外,我会在 web 根
sudo find 中的所有文件夹上设置 SETGID 位。 -type d -exec chmod g+s {} \;Set the ownership and group of those two directories to the relevant user, and limit permissions to the owner/group of the directory (basically, remove rwx from others on their directories).
This will need further configuration in the Apache virtualhost to specify which 'user' Apache should read the relevant document root as of : mod_suexec » suexecusergroup
You probably should set your server umask to 007 to maintain this restriction on all new files/folders.
Additionally, I'd set the SETGID bit on all folders in your web-root
sudo find . -type d -exec chmod g+s {} \;