secure chmod of php, html, css, js, png, folders? [closed]

Question

I have a localhost with files all 777 permission. but if i want to upload them on a real server, what is their correct secure permission for each file type:

php, html, css, js, png and directories

thanks a lot

Answer 1

Assuming that you are running Apache and it's executing as an unprivileged user, the web server needs to be able to read and serve up your content.

For directories, Apache needs both read and execute. HTML, JS, CSS, and image files only need read permissions. Executable scripts such as PHP require both read and execute to function as intended. So for directories and PHP scripts, you'd want to use o+rx or in octal possibly 755 depending on how you want group ownership set. And for non-executable content such as HTML, JS, CSS, and image files, you'd use o+r or 744 in octal.

The octal number is a series of bitflags for owner, group and other, respectively. 1 corresponds to execute, 2 corresponds to write and 4 corresponds to read.

To determine what the flag is, you add up each of the bits for each group. So 755 means the owner has full permissions (1+2+4) and the group and other have read and execute permissions (1+4).