Recommended Safety and Other Practices

hosting

#1

Hello

I have two questions about better practices recommended with OC. For my first conversation here, I prefer do one discuss, to not to pollute this pretty forum. Please do not hesitate to redirect me or explain me how doing. Please note I am french, sorry... I use the host "Infomaniak" (Swiss).

I am used to bridging the CHMOD rights of certain files (config.php...), for security reasons. But please what is the best do to? Have we some files or directories that we can set hight restrictives rights, and others not? Is it a doc about this, or better practices recommended (like "all files in 644, directories in 755, config.php in 444, X directory in XXX...") ?

And another question: is it safe to install OC in a third-party directory on an official site?
For example, our officiel website would be "master-university.example" ; and I installed OC in "master-university.example/owncloud". Is it safe?

I ask this because I always had problem to upgrade OC. Does it matter that I never make updates, I just re-install a new OC every year... And I do not want to do that any more.


#2

I did the following search on the documentation: https://doc.owncloud.org/server/latest/admin_manual/search.html?q=chmod and stumbled over https://doc.owncloud.org/server/latest/admin_manual/installation/installation_wizard.html?highlight=chmod#post-installation-steps