Security best practices suggest that you should never have an executable in a public web directory. However, in a typical Magento install (in my very limited experience), this is not true.
Even in production, it seems bin/magento needs to remain executable. Are there other files that need to be executable?
Our setup is a Magento 2.3.3 store running on a dedicated (not shared) host. We have full root access and can create any users, groups and file permissions needed. We also have a filesystem that supports ACL’s.
The site is under active development at this time.
Here are the executables under the Magento webroot. How many of these should we keep now? How many are needed in production?
find . -type f -executable
./vendor/magento/magento-composer-installer/run_phpcs.sh
./vendor/magento/zendframework1/bin/zf.bat
./vendor/magento/zendframework1/bin/zf.sh
./vendor/magento/magento2-functional-testing-framework/bin/all-checks
./vendor/magento/magento2-functional-testing-framework/bin/copyright-check
./vendor/magento/magento2-functional-testing-framework/bin/mftf
./vendor/magento/magento2-functional-testing-framework/bin/phpunit-checks
./vendor/magento/magento2-functional-testing-framework/bin/static-checks
./vendor/composer/composer/bin/compile
./vendor/composer/composer/bin/composer
./vendor/seld/jsonlint/bin/jsonlint
./vendor/justinrainbow/json-schema/bin/validate-json
./vendor/wikimedia/less.php/bin/lessc
./vendor/paragonie/random_compat/build-phar.sh
./vendor/yubico/u2flib-server/do-source-release.sh
./vendor/yubico/u2flib-server/examples/cli/u2f-server.phps
./vendor/elasticsearch/elasticsearch/travis/download_and_run_es.sh
./vendor/elasticsearch/elasticsearch/travis/generate_docs.sh
./vendor/elasticsearch/elasticsearch/travis/run_es_docker.sh
./vendor/braintree/braintree_php/ci.sh
./vendor/tubalmartin/cssmin/cssmin
./vendor/tubalmartin/cssmin/tests/bin/runner
./vendor/squizlabs/php_codesniffer/bin/phpcbf
./vendor/squizlabs/php_codesniffer/bin/phpcs
./vendor/squizlabs/php_codesniffer/bin/phpcs.bat
./vendor/grasmash/yaml-expander/scenarios/install
./vendor/consolidation/self-update/scripts/release
./vendor/sebastian/phpcpd/phpcpd
./vendor/phpunit/phpunit/phpunit
./vendor/codeception/codeception/codecept
./vendor/behat/gherkin/bin/update_i18n
./vendor/friendsofphp/php-cs-fixer/dev-tools/bin-download.sh
./vendor/friendsofphp/php-cs-fixer/dev-tools/build.sh
./vendor/friendsofphp/php-cs-fixer/dev-tools/check-shell-scripts.sh
./vendor/friendsofphp/php-cs-fixer/dev-tools/trigger-website.sh
./vendor/friendsofphp/php-cs-fixer/php-cs-fixer
./vendor/pdepend/pdepend/scripts/compare.sh
./vendor/pdepend/pdepend/src/bin/pdepend
./vendor/phpmd/phpmd/src/bin/phpmd
./bin/magento
