Welcome to WordPress. This is your first post. Edit or delete it, then start writing!
Consider the “need to know” principle. For example:
- Does every user need to read all files?
- Does every user need to list all directories?
If your web server runs with uid
webserver, why not give read permissions for all files and execute permission to all directories for
webserver only? Then you would have to decide who (if ever) is going to be allowed to update/create/remove any files.
Also if the system supports ACLs (
getfacl), consider using them. I.e.: Assign rights to indicidual users instead of groups or world.