My question is based on needing as tight as possible security on my site.
I have an AWS EC2 linux instance running a PHP app for use by anyone from their browser, and developed by myself as owner.
I have not changed any groups.
The directory tree is:
/var
/var/www
/var/www/html
/var/www/html/AWS_s
/var/www/html/AWS_s/nm-app
/var/www/html/AWS_s/cr-app
The owner, groups & permissions are:
drwxrwsr-x 10 root www 4096 Dec 25 01:03 /var/www
drwxrwsr-x 5 root www 4096 Feb 26 22:42 /var/www/html
drwxr-xr-x 6 ec2-user www 4096 Feb 25 22:14 /var/www/html/AWS_s
drwxr-xr-x 7 ec2-user www 4096 Feb 24 20:29 /var/www/html/AWS_s/nm-app
drwxr-xr-x 4 ec2-user ec2-user 4096 Apr 9 19:05 /var/www/html/AWS_s/cr-app
Any ideas as to why /cr-app was automatically given the group ec2-user rather than the same group as nm-app which is www?
Which owner:group is more secure?