I am running Apache with the user apache
My webroot is /var/www/html
the file owner of /var/www/html is myUser:myUser with permissions 744
I have a PHP script for file uploads that should write files to /var/www/html/files
If I make the owner of the files directory myUser:apache and set the permissions to 774, would that be a secure setup? Will I find myself hacked or have GB of unsavoury pictures uploaded to my site?
I am also considering a /var/www/html/files/.htaccess to be
Order Deny,Allow
Deny from all
<FilesMatch "\.(gif|jpe?g|png)$" Allow from all
</FilesMatch>