What are the recommended settings for file and folder permissions and htaccess to harden the server from a security standpoint?
Also, what are the recommended bare minimum database user’s privileges after running the installation? (Having the user on full privileges is in general dangerous and should be avoided.)
We are about to run an installation of SuiteCRM on our servers and are trying to prep the upload before installing it, so it would be appreciated to know more about this…
About the Linux permissions, I would just remove the “everyone” permissions, they shouldn’t be necessary. So use 770 instead of 775, and 750 instead of 755. Make sure your file ownerships will use the “user” or “group” privileges from those codes.
About the database, I never tried hardening database permissions for SuiteCRM. I am not sure how much you can remove. SuiteCRM will need to read/write data, but also to add new tables and change columns on existing tables. Remember this is an app that writes itself, you change things in Studio and these changes will affect database structure, not just database data.
I suppose you can use tighter restrictions, if you are willing to exclude usage of Studio and Quick Repairs and Rebuilds (on the production server; I don’t suppose you will want to do that in development). Or you can give permissions only temporarily for these operations.
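The permission change suggested in the reply above, as an added example that is not part of the original posts: it lists paths that still grant anything to "everyone", clears only those bits (775 becomes 770, 755 becomes 750), and lists files that neither the given user nor the given group would reach afterwards. The function names, the script name and the web root path, UID and GID arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit and remove "other" (world) permission bits under a web root.
# Symlinks are skipped: their own mode is always 777 on Linux and is not enforced.

# List every path under $1 that grants read, write or execute to "other".
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Clear only the "other" bits: 775 becomes 770 and 755 becomes 750.
# Owner and group bits are left exactly as they were.
strip_world() {
    find "$1" ! -type l -exec chmod o-rwx {} +
}

# List paths that would be unreachable once "other" is gone:
# neither owned by uid $2 nor assigned to gid $3.
unreachable_for() {
    find "$1" ! -type l ! -user "$2" ! -group "$3" -print
}

# Usage (hypothetical script name): sh strip_world.sh /path/to/webroot UID GID
if [ "$#" -eq 3 ]; then
    echo "Not owned by uid $2 or gid $3 (fix ownership first):"
    unreachable_for "$1" "$2" "$3"
    echo "World-accessible before:"
    world_accessible "$1"
    strip_world "$1"
    echo "World-accessible after: $(world_accessible "$1" | wc -l)"
fi
```

Pass the numeric UID and GID the web server process runs as; anything printed by the first check needs its ownership corrected before the "everyone" bits are removed, or the application will lose access to it.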