Generally, the ownership of cache, public, and other web-writable directories should be your web user and the web-user’s primary group, for example apache:www-data
. Permissions should probably be 750.
The ownership of the other non-web-writable directories should be your user, with either the web user’s group, or with public execute permissions. For example:
root:www-data
with 750
or
root:root
with 755.
Web-writable files would be the same, but without the execute permission:
apache:www-data
with 640
Non-web-writable files would be perhaps:
root:www-data
with 640
or
root:root
with 644
I strongly recommend not using root as your user for general access, but rather using a non-privileged user instead and only escalating to root via su or sudo as needed. That is, however, running outside the scope of this forum.