What are the best practices for handling database file permissions and access when using SQLite3 in PHP on a Linux-based server like Synology DiskStation?

When using SQLite3 in PHP on a Linux-based server like Synology DiskStation, it's important to properly set file permissions and access control to ensure the security and integrity of your database. One best practice is to create a separate directory outside of the web root to store your SQLite database file, and then restrict access to this directory to only the necessary users. Additionally, you should set appropriate permissions on the database file itself to prevent unauthorized access.

// Set up SQLite database connection
$database_file = '/path/to/database.db';
$pdo = new PDO('sqlite:' . $database_file);

// Set file permissions for database file
chmod($database_file, 0600);

// Set directory permissions for database file
$database_dir = dirname($database_file);
chmod($database_dir, 0700);