Help With Chmod File Permissions

[MrLinus]

Mind you, I don't have sensitive documents hosted on the server, just html and image files.

Information leakage can cause problems even if you don't think it's important. What may not be important to you may add some more for someone else. Honestly, if there is no reason to see or use it, they shouldn't.

I'm also confused about the differences between read and execute. I know that write allows a user to modify or add a file/directory, but what about read and execute? When a user visits my site and reads a simple html document, isn't the user already executing it? Or does execute only apply to scripts and programs?

It would only apply to scripts and programs. When the user is reading the file they are just looking at it. No where are they modifying or doing anything to the file. It's akin to cat filename.

What permissions and other steps should I take in order to really lock down my site? I just want people who visit my site to have the bare minimums, like accessing and reading simple html documents.

Then only post what you want them to see. The more complex the site, the more risk and the more things you have to do (e.g., stricter access controls, validation checking, etc.)

[chsh]

I personally prefer to use a group called "web" to do all that dirty work, so everything apache needs access to gets chowned to (for instance) chsh:web, then chmoded to 0750, and Apache runs as Apache:Web. But hey, to each his (or her) own.

[cyclops07]

Others hav shown their ideas how to solve ur prob..
Im just wanna explain how chmod works. It is mapped in binary.
Mayb, it isn't importante to know this, just for ur info...

r= read
w= write
x= execute

(Binary)
r | w | x (Decimal)
0 | 0 |0 = 0
0 | 0 |1 = 1 (you ticked on x)
0 | 1 |0 = 2 (you ticked on w)
0 | 1 |1 = 3
1 | 0 |0 = 4 (you ticked on r)
1 | 0 |1 = 5
1 | 1 |0 = 6
1 | 1 |1 = 7 (you ticked everything)

So if u assigned chmod 704 filename, it is likely u assigned 111 000 100 for owner, group and others..