Question: How should I set up the permissions in my account for the best security?
Generally speaking, you want permissions to be as restrictive as possible to accomplish the task at hand. In the Kattare hosting environment, we have done everything we can to make our shared accounts as safe as possible. Despite all of our hard work to enable this configuration, it is still important that the designer and maintainer of the site be aware of the following basic rules in order to maintain the best possible security.
- Make sure your home directory is mode 711. This allows you access but keeps pretty much everyone else out, unless they specifically know of a file or directory inside your home directory they can poke at. EXCEPTION: If you have requested that we turn on ASP.NET, Windows (over Samba) requires that your directory be mode 755 in order to operate. It sucks, but you can still go through your files and restrict things effectively.
- Our scripts will force the document root of any of your domains to be world readable and executable. If we didn't do that, Apache wouldn't start. Apache needs to be able to see the document root of the virtual hosts it is serving.
- Generally, within your account the following files should be set to mode 600: *.xml, *.conf, *.php, *.inc, *.jsp, *.jar, *.class.
- Also generally, within your account the following files should be mode 700: *.pl, *.cgi. EXCEPTION: Users that have requested mod_perl will want their Perl files to be world readable and executable.
- Specifically, any files containing database access details or other sensitive information need special attention. Mode 600 on such files is HIGHLY recommended.
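
One way to check an account against the modes listed above (an added example, not a Kattare script; it assumes GNU find and stat as found on Linux, and the function names are hypothetical):

```shell
#!/bin/sh
# Added example: audit an account against the modes recommended above.
# Assumes GNU find and stat (Linux); all function names are hypothetical.

# Files the page wants at mode 600: flag any with a group/other bit set.
audit_private_files() {
    find "$1" -type f \( -name '*.xml' -o -name '*.conf' -o -name '*.php' \
        -o -name '*.inc' -o -name '*.jsp' -o -name '*.jar' \
        -o -name '*.class' \) -perm /077 -print
}

# Scripts the page wants at mode 700 (skip this check under mod_perl,
# where the page says they must be world readable and executable).
audit_scripts() {
    find "$1" -type f \( -name '*.pl' -o -name '*.cgi' \) -perm /077 -print
}

# Home directory: 711 normally, 755 only with the ASP.NET exception.
audit_home() {
    mode=$(stat -c '%a' "$1") || return 2
    [ "$mode" = "${2:-711}" ] || echo "$1 (mode $mode, expected ${2:-711})"
}

# Usage: audit_account HOME [EXPECTED_HOME_MODE] [mod_perl]
# Prints every finding; returns 1 if there was at least one.
audit_account() {
    findings=$(
        audit_home "$1" "${2:-711}"
        audit_private_files "$1"
        [ "${3:-}" = mod_perl ] || audit_scripts "$1"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_account "$@"; fi
```

Saved as a script, it takes the home directory as its first argument, optionally followed by the expected home mode (755 for ASP.NET accounts) and the word mod_perl to skip the script check.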
As always, we're here for you. Don't hesitate to email us with specific questions and/or suggestions for improvement. Keeping your site secure is of extreme importance!