Web Site Security.
File Permissions for Web Files
Linux file permissions control access for you (the owner), your group, and all other users (world). By default Apache runs as the apache user (in this case www), so when a request is made for one of your web files, the www user needs to read that file. For the Apache web server to read your files, they must have permissions of xx4 or better. SUEXEC is used to get around this issue for CGI files. SUEXEC is an Apache module which allows CGI programs to run as the owner of the file rather than www. This means that for CGI files the permissions can be as low as 500. Unfortunately, no such module exists for other files such as HTML or PHP, so all other files must have a permission of xx4 or better.

This also means that anyone on the server can read your files (such as PHP files), which might contain sensitive information such as user names and passwords or intellectual property. In this case it is both. You don't want others stealing your homework, do you?

How do you secure the files?
Hosting companies jail users in their home directories and run PHP in safe mode, so users cannot browse or read files outside of their home directory. Although PHP is running in safe mode on this server, we do not jail our users, as it interferes with the instructions of some of the online courses. Instead of jailing, we have a utility you may use to secure your files from other prying students.

chwww
chwww is a program which will help secure the files you want to keep private on this server. chwww changes the group owner of the file(s) to the Apache web server group. It also changes the permissions to x50 (x = undisturbed permissions). This means that only the owner and the Apache web server can now read and execute the file. All other users cannot gain access to the source of these files.

This program is very easy to use. Simply supply chwww with a list of file names.
( Change index.html )

The program also supports wildcards.
chwww public_html/*.php ( Change all PHP files in public_html)

There are 2 important restrictions on chwww:
  1. The file(s) must be owned by the user running chwww.
  2. The files must reside within your home directory. This means that even if you own a file in another user's directory, you cannot run the chwww program on it.

* chwww is a utility that I wrote; therefore, you will not find it on other Linux servers.
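
To see which files under a directory such as public_html are still open to other accounts, and which already match the x50 state described above, an audit like the following can be run. It is an added example, not the chwww program or code from this site; the group name www, the WEB_GROUP variable and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not the chwww source): audit web files for access by other
# local users. The group name "www" is an assumption; override with WEB_GROUP.
WEB_GROUP="${WEB_GROUP:-www}"

# x50_mode MODE: the mode the page describes for chwww. The owner digit is
# left undisturbed, group becomes r-x (5), world becomes none (0).
# The symbolic chmod spelling of the same change is: g=rx,o=
x50_mode() {
    printf '%o\n' $(( (0$1 & 0700) | 0050 ))
}

# world_accessible DIR: regular files with any world (other) bit set,
# i.e. files every account on the server can read, write or execute.
world_accessible() {
    find "$1" -type f \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# matches_x50 DIR GROUP: regular files whose group is GROUP, with group r-x
# and no world bits at all (the state described for files after chwww).
matches_x50() {
    find "$1" -type f -group "$2" -perm -0050 \
        ! -perm -0004 ! -perm -0002 ! -perm -0001 -print
}

# audit DIR: print both lists for a directory tree.
audit() {
    echo "Accessible to all other users (candidates for chwww):"
    world_accessible "$1" | sed 's/^/  /'
    echo "Group $WEB_GROUP with x50 permissions:"
    matches_x50 "$1" "$WEB_GROUP" | sed 's/^/  /'
}

# Run the audit only when a directory is given, e.g.: sh audit.sh public_html
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

The script only reads permissions; it changes nothing, so it can be run before and after chwww to compare the two lists.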