For a webserver (my first attempt) running on linux, would it be prudent to restrict all "others" from reading/writing/executing ALL files/directories on the filesystem (except the docs I want to serve of course)? For instance suppose all my docs to serve are located in /usr/ and I ran the following command as root...
find / -exec chmod o-rwx {} \;
to remove all permissions on every file/directory on the entire filesystem to "others"
and then
find /usr/ -exec chmod o+r {} \;
to add just read permissions to my "web pages"
and assuming that my intention is just to serve some basic web pages, could things like mysql and/or php stop working correctly?
I'm just trying to understand how to enhance security on a web server at the OS level. It just seems that for a basic setup to just serve web pages, no file/directory should be accessible to the outside world other thaan the docs in my htdocs directory. Thanks for any feedback and/or suggestions.
btw, using LAMPPIX.
find / -exec chmod o-rwx {} \;
to remove all permissions on every file/directory on the entire filesystem to "others"
and then
find /usr/ -exec chmod o+r {} \;
to add just read permissions to my "web pages"
and assuming that my intention is just to serve some basic web pages, could things like mysql and/or php stop working correctly?
I'm just trying to understand how to enhance security on a web server at the OS level. It just seems that for a basic setup to just serve web pages, no file/directory should be accessible to the outside world other thaan the docs in my htdocs directory. Thanks for any feedback and/or suggestions.
btw, using LAMPPIX.