looking best security settings for upload dir?

[RbgoWeb]

I've got a little webserver on my lan running with Linux, MySQL, Apache and PHP to have a dev platform that matches the one of my client. But I don't know much about Linux yet.
I got the file upload functional and the last thing that needed to be done for this was to change the directory permission settings.
In Linux Mandrake there is this permission panel for a directory or file like the following and it show my current settings that enabled the upload as well:

show write enter special
User [ ] [ ] [ ] [ ]set UID
Group [ ] [ ] [ ] [ ]set GID
Others [x] [x] [x] [ ]sticky
Ownership
User [root]
Group [root]

Nice to have the upload working, but actually, concerning security I don't know what I'm doing. Can anyone tell
how this affects the security of the site (maybe even the providers system!), and also tell what could happen and what would be best to do?

 

[sleipnir214]

You have world write permissions on the directory. Definately not a good idea.

All the permissions required are to allow Apache's user or group to write to the directory.

I would set Apache's user as the group setting, give owner group full permissions, and others no permissions.

To modify the chart you showed, assuming Apache runs as the group "apache":

show write enter special
User [X] [X] [X] [ ]set UID
Group [X] [X] [X] [ ]set GID
Others [ ] [ ] [ ] [ ]sticky
Ownership
User [root]
Group [apache]

______________________________________________________________________
TANSTAAFL!

 

[RbgoWeb]

It works! Thank you very much =).
At my client's provider the way site builders can determine dir/file access is through the use of '.htaccess' files.
Do you know what an '.htaccess' file would look like
having these same settings?