Hello,

I have a Magento CE 1.7.0.2 installation patched with available patches running on a dedicated server. The Apache Web Server is running by user "nobody", while all my files and directories are owned by a different user which I use to access the server via SSH/SFTP. The PHP is running as suEXEC. The file/directory permissions described at the below article don't work for my installation:

http://devdocs.magento.com/guides/m1x/install/installer-privileges_after.html

I have also noticed the following:

• When I upload pictures via Magento Admin, the relevant files are created with permissions 666 and owned by my SSH/SFTP user; i.e. not the user "nobody" running Apache Web Server. The same situation applies for directories which are created with permissions 777.
• The above permissions and ownership also apply for file and directories created by Magento Connect Manager when I use it to install some free Magento Extensions.

So, my question is: Will the below file/directory permissions be appropriate for my Magento installation, or I will have security holes?

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \; 
find var/ -type f -exec chmod 644 {} \; 
find media/ -type f -exec chmod 644 {} \;
find var/ -type d -exec chmod 755 {} \; 
find media/ -type d -exec chmod 755 {} \;
chmod 550 lib/Mage
chmod 700 includes
chmod 600 includes/config.php