I have a AWS ec2 instance with Amazon Linux AMI running. As the web server I installed Apache and the web directory is /var/www/html.
Until now I had the permission for /var/www/html set as 777 under the user c2-user (chmod -R 777 /var/www/html).
I read, that you should usually have set the 644 permission for web access. But as soon as I do that, I get the 403 forbidden error message. What do I have to change?
The difference between '7' and '6' is the execute bit. That's important on directories because it allows other users to enter the directory. Since the dir is opened by ec2-user and Apache runs as another user, the third number (of 777) comes into play.
On individual files it may be okay to use permissions of 644, as that prevents other users from being able to modify the file. This isn't always true, though- executable files need the executable bit and logs need to be writeable by their process.
Here's a quick overview on directories and unix permissions: https://unix.stackexchange.com/questions/21251/why-do-directories-need-the-executable-x-permission-to-be-opene