Most software packages are installed with the most lenient file/directory ownership and permissions by default. This is normally done for the sake of the software developer as they want that their software must be installed on a range of diverse systems with varying configurations. This article gives an overview of how to setup Magento installation with the strictest of permissions for overall security’s sake. So read through to know how to secure Magento file and directory permissions.
There are two environments that one finds while running Linux
Running As the Webserver User
Many dedicated and shared hosting companies run your scripts as the webserver user itself by default. On most Linux systems it is the default operating system and it’s not secure while in a shared environment, it can be partially remedied. This is done by limiting access via stricter file permissions which mitigates some of the inherent security issues. This method is actually desirable in dedicated hosting environments, mainly for performance reasons, and all of the clustered and dedicated Magento SIP plans use this method. When the server is serving a single client none of the shared hosting caveats apply for dedicated servers.
These are the steps we take, followed by the script commands
This method is preferred in shared environments given the extra level of security provided by Linux, if the permissions are configured correctly.