I’m new to DreamHost, having just switched over from 1&1. I don’t understand how DreamHost sets up security, so I have a couple of questions on UNIX permissions and DreamHost’s setup.
My home directory has permissions of 751. I am not comfortable with world access, but it seems that if I set the permissions to 750, then Apache can’t access my web directories (I get a 403 Forbidden error). I reset the permissions back to 751, but my worry is that anyone who has shell access to that server can get to any files in my web directory. Obviously, setting up a .htaccess file isn’t going to stop someone from cd’ing into the directory and catting out the files. I know that the lack of read access on the directory prevents them from seeing what’s in my home directory, but if they can guess the path to the web root (and the default value is pretty obvious) then they can just cd into there and start looking around.
I had seen some postings that said that the server was running with uid change, but that doesn’t seem to be happening in this case. Do I need to configure something special on the control panel? How do others handle securing sensitive files (such as php includes that contain database connection strings)?
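
One way to audit what the mode bits discussed above leave open to other local accounts, as an added example that is not part of the original post. The directory layout, file names and function names are constructed for illustration and say nothing about how any particular host is configured.

```shell
# Added example; every path and file name below is constructed.

# Files under $1 whose mode grants read to "other" (o+r).
world_readable_files() {
    find "${1%/}" -type f -perm -004 -print
}

# Files under $1 that another local user could actually open: the file is
# o+r AND every directory from $1 down to it grants "other" search (o+x).
# The mode of $1 itself counts, which is why 750 vs 751 on home matters.
exposed_files() {
    root=${1%/}
    world_readable_files "$root" | while IFS= read -r f; do
        d=$(dirname "$f")
        ok=1
        while :; do
            # -prune tests only the directory itself, without descending.
            if [ -z "$(find "$d" -prune -perm -001 -print)" ]; then
                ok=0
                break
            fi
            if [ "$d" = "$root" ]; then break; fi
            d=$(dirname "$d")
        done
        if [ "$ok" -eq 1 ]; then printf '%s\n' "$f"; fi
    done
}

# Build a constructed home directory resembling the layout in the post.
demo_tree() {
    t=$1
    mkdir -p "$t/home/example.com/inc" "$t/home/private"
    printf '<?php ?>\n' > "$t/home/example.com/index.php"
    printf 'constructed secret\n' > "$t/home/example.com/inc/db.php"
    printf 'notes\n' > "$t/home/private/notes.txt"
    chmod 751 "$t/home" "$t/home/example.com" "$t/home/example.com/inc"
    chmod 750 "$t/home/private"      # no o+x: contents unreachable by others
    chmod 644 "$t/home/example.com/index.php" "$t/home/private/notes.txt"
    chmod 640 "$t/home/example.com/inc/db.php"   # no o+r on the include
}
```

On the constructed tree, `exposed_files` reports only `index.php`: the include is protected by its own 640 mode, and `notes.txt` is protected by the 750 directory above it even though the file itself is 644.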