Permissions for static website files

Anton

4/19/24, 1:25 AM

The question is about best practices, not an exact problem.

What is correct ownership and permissions for static website files and directories? I’m going to use root:<server-group> with permissions 640 for files and 750 for directories. So the server can read everything because of group permissions, but the regular user can’t modify the files accidentally or on purpose without explicitly using sudo.

Or maybe there is a better practice I’m unaware of? My approach looks a little overcomplicated.

1 + 2

nginx

apache2

Pothi Kalimuthu

4/19/24, 3:01 AM

Welcome to ServerFault. Your approach looks okay to me.

Anton

4/19/24, 8:33 AM

Thank you, @PothiKalimuthu

Score:0

Server

John Mahowald

5/12/24, 2:48 PM

root is not necessary to prevent users from modifying files people are responsible for. The same can be accomplished by giving ownership to an unprivileged user, such as a service user that syncs the files.

Ideally not the user the web server run as, nor any specific person, just some automation user that does file transfers. People responsible for content stage files to some storage, and when ready to deploy the file transfer copies them into place. No need for people to touch the production web servers, and no need for special privilege.

Owned by root, should be necessary to restructure or change files, an administrator or automated script may need to become root. Which is very high privilege, capable of removing security measures or otherwise breaking the host.

Sure, it makes sense for mounts points or software packages to be owned by root, so it takes privilege to change the system. If for example, a web site content is at /srv/www/example.net/, /srv/ and /srv/www/ could be owned by root, and the web sites such as /srv/www/example.net/ owned by unprivileged users.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Permissions for static website files

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.