A LAMP Stack is a term for: Linux, Apache, MySQL, PHP (and/or Perl and/or Python)
This file aims to give you information on how to correctly configure Apache 2 in your LAMP Stack for a Production Environment and a Development Environment.
Note: In a Production Environment you will also need to read and implement the information from the Apache2 Documentation: [https://httpd.apache.org/docs/2.4/] [https://httpd.apache.org/docs/2.4/misc/security_tips.html]
The default permission for /var/www itself is: owner root:root and mod 755.
For anything inside /var/www, you have the privilege of deciding for yourself what to put in it and what permissions everything in it should have. What makes the most sense is:
Most files should be writeable by whichever user or group is going to be writing to them the most. You can set them to be owned by your user account. Or set up a custom group for your developers. Or if the files will be modified rarely and you want good security, you can use root:root and just sudo in on the rare occasions they'll be modified.
Most files should not be world-writeable.
So, 644 for files, and 755 for directories is appropriate (or 664 and 775 if you want to give a group write access).
It is also a good idea to limit the files which the server can write to. If you are using a Framework, then you have to allow the server to write to and create files during development. Change the ownership and permissions on the Production Server.
Remember, the server has to write "logs", so these log directories must be writeable by the server.
Directories = 775, Files = 664
sudo chmod -R u+rwX,go+rwX,o-w /var/www/public_html
Directories = 755, Files = 644
sudo chmod -R u+rwX,go+rX,go-w /var/www/public_html
Directories = 700, Files = 600 (this can cause problems in some circumstances)
sudo chmod -R u+rwX,go+rX,go-rwx /var/www/public_html
sudo chown -R www-data:www-data /var/www/public_html
or
sudo chown -R $USER:www-data /var/www/public_html
Leave this file as is. Unless you want to change the user or the group for easier file editing (If you need Virtual Hosts, uncomment the line "Include conf/extra/httpd-vhosts.conf" or add it to the bottom of the file if it is missing )
Directories = 775, Files = 664
sudo chmod -R u+rwX,go+rwX,o-w /var/www/
sudo chown -R $USER:www-data /var/www
sudo nano /etc/httpd/conf/httpd.conf