Dateiattribute, File permission für Drupal

1. [@ ROOT] DRUPAL CORE PLUS OUR ADDED MODULES & THEMES

• All Core Drupal Folders and Sub-Folders = 750 (rwx,r-x,---)
• All Core Drupal Files and Files in subfolders = 640 (rw-,r--,---)
• Our own modules/themes/libraries use the same lockdown permissions.
• /sites/all/themes = as above
• /sites/all/modules = as above
• /sites/all/libraries = as above

2. [@ /SITES] DRUPAL SETTINGS

• /sites/default Folder = 755 (rwx,r-x,r-x). Better = 750 (rwx,r-x,--) if it works.
• /sites/default/settings.php = 444 (r--,r--,r--). Better = 440 (r--,r--,---) if it works?

3. [@ /SITES/.../FILES] WRITEABLE FILES in /sites/all/default/files folders : (like images, file attachments etc)

• All Folders in /sites/all/default/files and all its subfolders : 770 (rwx,rwx,---)
• All Files in /sites/all/default/files and it subfolder files : 660 (rw-,rw-,---)

these folders/files are the exception so that Drupal can delete the files attached to posts when they are deleted etc.

4. REDUCING WRITABLE FILES VULNERABILITY

1. files/.htaccess should not be writeable by webserver 440
2. disable php in that folder, add this line to your files/.htaccess:
AddHandler default-handler php

Source: http://drupal.org/node/244924#comment-4519336 ThX for that