As we are all aware, with shared website hosting other customers' (websites') files might be revealed to others if 'others' possess the (read) permission.

I believe 0700 or 0711 permission is the greatest way (in hosting that is shared) to safeguard important files that contain secret information.

I guess the server is applying suPHP or any similar module to ensure that the UID of the process is equivalent to who owns the files being utilized.

What exactly would you say?

You're correct. 700 would ensure nobody can read/write/execute that file, except the owner. To ensure that could be adequate! Just in case it will be performed, 711; else, 700.

However, if some operation including that file fails, you should look at 711.

EDIT: As you've pointed out, whether it consists of an association string, you are able to securely think that nobody must be given write rights, and provide everybody execute rights. So, 511 (that is, r_x __x __x) must do it.

You will need execution privileges only for directories; if your files are PHP source files, you don't need execution privileges.

0640 and 2750 are usually good privileges for, respectively, files and directories (the 2 in the directory privileges makes the new files inherit the user & number of your directory).

That's for files:


And directories:


That is right when the webserver is applying the audience privileges and the FTP-or-such user is the owner. With Suexec and the like, you can maybe adjust these configurations depending on who's the owner and who's the net readers (user? group?); the net readers don't need write access, except maybe on some specific directories, depending on the application.

And don't forget that files & directories privileges are just one point in the separation of users inside a shared environment. For PHP environments, using per-user open_basedir configurations, temporary files and upload directories, and per-user session directories is usually a good idea (that may be defined in per-user virtualhosts).