I'm trying to configure a Linux server with secure permissions in /var/www. I've read that you shouldn't add your user account to the www-data group for various reasons. Instead, it's best (I'm told) to create a separate developer's group.
Here's what I came up with:
Code:group add developers
Code:usermod -a -G developers my_account
Code:chown -R root:developers /var/www
Code:find /var/www/ -type d -exec chmod 2775 {} \;
Code:find /var/www/ -type f -exec chmod 664 {} \;
Finally, I'd set the default umask to:
Code:umask 002
Questions:
(a). Is this reasonably secure? (b). Is any of this redundant? (c). Does this setup require any change of the default umask? If so, to what?
Bookmarks