I'm currently setting up a new server and having doubts about my file/folder permission settings again. No matter how much I research this, I never get what I would consider to be a comprehensive answer on the subject, as the posts I've read all seem to contradict each other in slightly different ways, so I'd appreciate some input from the experts here, please.

First, the set-up:
1. I'm using CentOS and Apache is running as "apache".
2. There's only one site running on the server, and the document root is "/var/www/html".
3. I also have aliases to phpMyAdmin and Xcache, which live outside the web root in directories like "/usr/share/phpMyAdmin", etc.
4. There is no requirement for users to upload files to the server, or for Apache to create or modify any of the files on the server.

My questions are:
1. Which user should own the web root folder?
2. Is it a bad idea to assign ownership of the files in the web root to "apache" even if it doesn't have write privileges for those files, or should I create a separate user for this purpose? The way I've done this before is that I've created a user specifically for FTP duties and this user owns the files but belongs to the "apache" group, and the "apache" group can read those files. I'm not saying this is necessarily right, just how I've done it before.
3. What about files outside of the web root, such as phpMyAdmin? At the moment, I set "apache" as the owner of these folders, and the files inside with permissions of 400.
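
One way to check point 4 of the set-up (Apache never needs to create or modify files) against the directories named above, as an added example that is not part of the original post. The function name `audit_webroot` is hypothetical, and the check looks only at classic owner/group/other mode bits, not POSIX ACLs or SELinux labels.

```shell
#!/bin/sh
# Added example: audit_webroot is a hypothetical helper name.
# Usage: audit_webroot SVC_USER SVC_GROUP DIR...
# Prints every file or directory under DIR... that the service account
# could modify through classic mode bits:
#   - owned by SVC_USER (an owner can chmod its own files, so mode 400
#     or 444 does not stop it from granting itself write access)
#   - group SVC_GROUP with the group-write bit set
#   - world-writable
# Directories are included because write access to a directory allows
# files inside it to be replaced or deleted.
# Symlinks are skipped (their mode bits are not meaningful).
# POSIX ACLs and SELinux labels are not examined.
audit_webroot() {
    svc_user=$1
    svc_group=$2
    shift 2
    find "$@" ! -type l \( \
        -user "$svc_user" \
        -o \( -group "$svc_group" -perm -020 \) \
        -o -perm -002 \
    \) -print
}

# Run directly, e.g.:
#   sh audit.sh apache apache /var/www/html /usr/share/phpMyAdmin
if [ "$#" -ge 3 ]; then
    audit_webroot "$@"
fi
```

No output means nothing in the listed trees is modifiable by that account through mode bits alone.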