Apache is widely deployed open source web server software.
Summary (from serverfault thread):
- Apache usually runs as the www-data, which will at the very least need read access to files
- “Application” files (e.g. *.php) don’t need execute permissions as they’re not directly executed by the web server, they only need read permissions
- Your user should own the files
- The www-data user should own the group, which should have read and execute (why execute?) permissions
- Any files or folders which will be changed by apache need to have write (+w) permissions for the group owner
umask XXXto set the default permissions for newly created files.
umask 007sets permissions to read+write for owner and group, no permissions for others, which is a sensible default
wikipedia has a clear explanation of the unix permissions shorthand.