I need to essentially "lock-down" a series of files and folders from write access outside of root (system admin). I need them to be read only, so the files can still be viewable online, but not written to or edited by any of the system users.
What's the best way to go about this?
By default all website folders should only need 'read' unless you adjusted the perms. I'd use NTFS permissions to lockdown to certain folders. I wouldn't recommend having individual files in different locations. I'd lockdown by folder.