You want to set file permissions to provide the maximum level of security.
directory under the
ServerRoot should be owned by user root, group
root, and have file permissions of 755
rwxr-xr-x). Files contained therein should also
be owned by root.root and be mode 755.
Document directories, such as htdocs, cgi-bin, and icons, will have to have permissions set in a way that makes the most sense for the development model of your particular web site, but under no circumstances should any of these directories or files contained in them be writable by the web server user.
The solution provided here is specific to Unixish systems. Users of other operating systems should adhere to the principles laid out here, although the actual implementation will vary.
The conf directory should be readable and writable only by root, as should all the files contained therein.
The include and libexec directories should be readable by everyone, writable by no one.
The logs directory should be owned and writable by root. You may, if you like, permit other users to read files in this directory, as it is often useful for users to be able to access their logfiles, particularly for troubleshooting purposes.
The man directory should be readable by all users.
Finally, the proxy directory should be owned by and writable by the server user.
On most Unixish file systems, a directory must
x bit set in order for the files therein to be visible. ...