File permissions for Rails app - how much can I lock it down?

I want to lock down my site as much as possible and would like to set the file permissions as restrictively as possible.

Is there any reason that any file used by my app but not in the /public directory needs or should have Read, Write, or eXecute for Public permissions?

Thanks,

Bill

If you are running mongrel then all of your app's code outside of public can be locked down to just the user that mongrel runs as.

-Ezra

Hi Ezra,

Ezra Zygmuntowicz wrote:

If you are running mongrel then all of your app's code outside of public can be locked down to just the user that mongrel runs as.

Thanks much for that info. Does that change when I stop / start mongrel? Like its pid? Or is it a constant? In any event, I assume that mongrel is at least part of the Group, so I can get started on changing all the Public permissions anyway. Thanks!

Best regards, Bill

Wouldn’t you want log to be an exception? I just this weekend locked my username out of a logfile created by my app and had to read it as root. Heh.

RSL

Hi Russell,

Exactly the kind of thing I imagined myself doing, and why I asked here before I dug myself into a hole ;) Thanks.

Bill
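
The lockdown Ezra describes, together with the log exception raised later in the thread, as an added example that is not part of the original posts. It assumes the tree is owned by the account mongrel runs as and that a front-end web server under a different account serves public/; the function names and the sample app are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the app (mongrel) runs as
# the owner of the tree, a front-end web server under another account serves
# public/, and the admin group name is an optional argument. Names are made up.

# Print everything below the root, outside public/, that grants any permission
# to "other". Symlinks are skipped: their own mode bits are not what is checked.
audit_world_access() {
    root=${1%/}
    find "$root" -path "$root/public" -prune -o ! -path "$root" ! -type l \
        \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Usage: lock_down APP_ROOT [ADMIN_GROUP]
lock_down() {
    root=${1%/}
    # chmod -R cannot skip a subtree, so walk with find and prune public/.
    find "$root" -path "$root/public" -prune -o ! -type l \
        -exec chmod o-rwx {} +
    # "Other" keeps search permission on the root only, to reach public/.
    chmod o+x "$root"
    # Static files: world-readable, never world-writable (X: directories,
    # plus files that are already executable).
    chmod -R o=rX "$root/public"
    # log/ is the exception raised in the thread: keep it group-readable and
    # setgid the directory so logs created later inherit its group. New files
    # are group-readable only if the app's umask allows it (e.g. 027).
    if [ -n "${2:-}" ]; then chgrp -R "$2" "$root/log"; fi
    chmod -R g+rX "$root/log"
    chmod g+s "$root/log"
}

# Constructed sample tree (hypothetical app) with typical loose defaults.
make_sample_app() {
    app=$(mktemp -d)/myapp
    mkdir -p "$app/config" "$app/log" "$app/public"
    echo "password: placeholder" > "$app/config/database.yml"
    echo "started" > "$app/log/production.log"
    echo "<html></html>" > "$app/public/index.html"
    chmod -R u=rwX,go=rX "$app"
    echo "$app"
}
```

Run `audit_world_access` on the real tree first and review the list before calling `lock_down`.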