What web (what for html, shtml, css, js, pl, py, php and what for included php files) file permission is the highest security permission I can give to the above files (where 755, where 644) and what to directories(in localhost e.g.:www,www/css, home/gregor/.silly/.idonotwanttonamethatdirpasswordsbutthatsit)?
Can I remove -x to 600 privileges on subdir .silly? I know I must not do that on www or www/css and I suppose I can NOT also remove -x to 600 on subsubdir .idonotwanttonamethatdirpasswordsbutthatsit?
Is there a difference if a php file IS ONLY INCLUDED in another file and not called anytime directly? Can I set privileges in such files to -x 644 or must it be 755 too?
Is it more secure to put .passwords in out of web dir I mean localhost path in one hidden sub dir or is it the same if I put it in localhost/.ha/.whateversubdirpassword?
What privileges does the system look up for to check if it can display/execute file when smbd from another computer accesses via net the index.php or index.html? (And does it matter if server needs to process file? I mean .php ...) Or to put it so in which group does that user belong - do anonymous users have group id, lets say "1111"? Thanks, Gregor from Slovenia