Locking down permissions on a RoR project

rubyonrails-talk
1

I am on a shared server (DreamHost). My RoR project contains confidential information in the structure of its code, its logs, and of course its mysql database.

W are the minimum chmod permissions to set so that the app is still served correctly by Apache, but otherwise grants minimum world access?

Most just leave it at "chmod -R 755 rorfolder" but that's a bit too open for my taste. Do I *have* to have all the code be o+r?

2

I'm assuming the user owns the directory

User owns the directory except ~/logs which is owned by root and used for Apache logs.

I'm assuming the dispatch file is being suexeced so that could be 700.

Wrong on that count. No su access at all; dispatch is executed as user.

- Sai