How to set file permissions for securing website

The setting of website directory file permissions is very important to the security of the website. The following briefly describes the basic settings of website directory file permissions.
We assume that the user and user group running on the http server is www, the website user is centos, and the website root directory is on /home/centos/web.
  • We first set the website directory and file owner and all groups to centos, www, as follows:

    chown -R centos:www /home/centos/web

  • Set the website directory permissions to 750, 750 is the centos user has read and write execution permissions on the directory, so centos users can create files in any directory, the user group has read execution permissions, so that they can enter the directory, other users do not have any permissions.

    find -type d -exec chmod 750 {} \;

  • Set the website file permission to 640. 640 means that only centos users have permission to change the website file. The http server only has the permission to read the file, and cannot change the file.

    find -not -type d -exec chmod 640 {} \;

  • Set writable permissions for individual directories. For example, some cache directories of the website need to have write permission for the http service.
    find data -type d -exec chmod 770 {} \;