- i'm not sure that putting an empty index.php is going to do anything useful for you.

- setting the user permission to 3 makes it unusable as a directory by the non-owner/group since it is not readable.
it should be either a 5 for a readable directory or a 7 for a read/write directory.

Turn off indexes for the directory and don't worry about perms.

Options -Indexes

Sean

OK, back up - we are talking about two different kinds of security here.

An empty index.html will serve web browsers an empty page. (Presuming your server is set to use index.html as a default page.) This will prevent browsers from seeing an index of your files, which they might if you had no default page.

However, the other method mentioned above is better for this purpose.

Unix/Linux file permission are used to control access to files by other users logged-in to a shell. If you are on a shared server, you need to use file permissions to prevent other customers of the hosting service from seeing or altering your files.

If you are on a dedicated server or a VPS, which you control exclusively, file permissions are less important - you probably have no other shell users.

However, you probably should still concern yourself with file permissions, as you may from time to time have others (employees, consultants) working on your machine, and may wish to make access available on a "need to know" basis. As well, careful use of file permissions can help control any successful break-in or exploit to your site that gives an attacker control of a non-root account.

[edited by: jtara at 4:34 pm (utc) on Oct. 6, 2007]

where to turn it off?

Thanks, am having VPS so it sounds like its not a problem as there are no other user/employees working on my site.

Thanks again!