I am from the Drupal background and just had my first install of Mautic. I had to give apache-user ownership of the entire Mautic dump in order for it to run.
In Drupal, if an apache-user is given access to any folder, you write an HTACCESS file to make sure that no PHP file can be executed in that folder due to security reasons.
My question is, how safe it is to give apache-user complete control over the entire install?
Update After the install was successful, I changed the permissions again. Mautic is complaining about a few folders now (compare to asking for access to the entire install). You can check this by going to /sysinfo URL & then selecting “Folders & File Permissions” from the left menu.
/var/www/crm.webcube.club/app/config/local.php |Unwritable|
|/var/www/crm.webcube.club/var/cache |Unwritable|
|/var/www/crm.webcube.club/var/logs |Unwritable|
|/var/www/crm.webcube.club/media/files |Unwritable|
|/var/www/crm.webcube.club/media/images |Unwritable|
|/var/www/crm.webcube.club/translations |Unwritable|
These folders still have some PHP files, which seems unsafe to me. Any suggestions guys?