You will typically want the files to be owned by a user, such as root, that limits the write permissions (to root only). This will help to prevent anyone from changing the files should they gain control of Apache. You can then make the files group read permissive and use a group such as www-data as Apache needs to be able to read, but not write, to the files. This would give you root.www-data. Directories, of course, need to have executable permissions.
|