Updating User Permission Settings in Apache

Setting proper permission settings can help secure your Apache server, while also providing web administrators with proper access to build, update and maintain sites. The base level user on an Apache server is the root user, which has complete read and write access to all files on the server. Importantly, you should keep this username private at all times since it has access to the httpd binary file which controls administrative access to the server.

After you have installed apache you should change the CHMOD user settings to ensure only the root user has proper access to write the files on your server:

chown -R root:root /usr/local/apache
find /usr/local/apache -type d | xargs chmod 755
find /usr/local/apache -type f | xargs chmod 644

These settings stipulate that the only user able to write files on the server is the root owner. If you’re working with a development team you can establish other classes of users which have their own specific write permissions – however, root should remain the only user with comprehensive access to the server’s directories and files.

In order to specify more granular user access to specific files or directories you can run a specific command after creating the user on your Apache server. Always keep track of the user in case you have to delete or modify their permissions at a later date:

chown -R {username} { file/dir path}

When you need to update universal read or write permissions never establish full 777 CHMOD permission on any folder or file, as this can pose a security risk. Instead you can CHMOD 655 which allows for execution of basic scripts and content on the HTML files without opening up the full vulnerability. Keep private folders write protected, and further limit access to these directories via password protection to ensure privacy.