I am about to put a program that I have put some serious time and money into, out into the open source world. It is a web based app, written largely in PHP and HTML, with a MySQL database. But I have some questions, so here goes:
1. what should file permissions be for my files? (all files live under the Apache document root dir, i.e. /srv/www/htdocs).
2. what should owner and group be for these files? I have seen root, and I have seen nobody.
3. Two subdirectories need to be writable as well as readable. (for example, let's say the program resides in /srv/www/htodcs/myprog. I have two directories under myprog that need to be writable and readable).
4. And lastly, when my script goes to write in those dirs, I am getting an error, and it is because i am referencing $_SERVER['DOCUMENT_ROOT'], when in fact, I should be referencing the subdirectory under THAT that the user has installed in. Obviously, I haveno control what sub dir they might put it under. Which raises the whole nasty issue of configuration files that might store all this good info, I have read never to put them in the document root dir, but if i don't, where do i put them, and permissions again? I need a decent example of a config file being wirtten thru a web browser!
1) This will be set to 644 for files and 755 for folders by default whenever a user uploads them to their site
2) This will also automatically be set to the right users appropriatly when someone uploads the files to their site
3) CHMOD the two folders to 0777, the users will need to manually do this also, in order to write or edit files in them. Be sure to add a completely blank file named index.html in both of them so users files don't get tampered with.
4) The error should be solved by doing what i said in 3