Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Consider the “need to know” principle. For example:

  • Does every user need to read all files?
  • Does every user need to list all directories?

If your web server runs with uid webserver, why not give read permissions for all files and execute permission to all directories for webserver only? Then you would have to decide who (if ever) is going to be allowed to update/create/remove any files.

Also if the system supports ACLs (setfaclgetfacl), consider using them. I.e.: Assign rights to indicidual users instead of groups or world.

One Response to Hello world!

Leave a Reply

Your email address will not be published. Required fields are marked *