Hi SO,
I've got a LAMP webserver running my homepage (index.html in var/www/). I'd like to know in general how to set my file permissions so that browsers can't access anything besides the html/php files I want to show. Right now I've sort of accidentally chmodded everything to 777. I understand that .htaccess only protects the www folder and inwards... How can I set my permissions so that I have an svn folder that svn can still access but browsers can't?
In security you should follow the paradigm of "Least Privilege Access". It is best to do a chmod 500 -R /var/www chown www-data -R /var/www. This is assuming that your php code is running as www-data, you could run a <?php system('whoami')?> to verify your user account.
A chmod 500 gives the web root read and execute privileges. Write privileges is very dangerous as this is vital for defacing your site. The last number should always be zero, this is global privileges and you don't want any other account/process accessing your webroot.