I am running apache and my php site uploads images towards the server. should apache upload dir have 777 permissions or fit in with www-data user? Wouldso would this affect backing some misconception?
I believe read + write permission is sufficient. read for backup, write for upload. It appears that nobody ever have to execute anything.
And you ought to only grant permissions to nobody need them. For instance, grant write permission to www-data. And when you utilize another-user to complete support, only grant read permission to a different-user.
It is recommended to stay away from 777
That is dependent on the thing you need from this. It is best to make use of the most limited permissions that enables you to do the thing you need.
Browse the guy page for chmod(1) to understand exactly what the various permission bits mean. And perhaps provide more detail regarding your situation, so someone can offer a particular answer for you personally.
First of all the apache server must run like a non-fortunate user. Second the upload directory should just have 600 because the permission (rw) iirc. This can permit the user that's running apache to create to that particular directory. The practical attack against an internet server would be to trick it into conntacting a directory and getting it execute the code that's placed there.