File Permisssions on server

[msmarc]

For security, I wanted to get a general idea of how to set up permissions safely on my webserver if I'll be instigating simple php scripts with mysql. This would include user authentication with mysql as well as storing user information. Should I put all my php scripts outside the web root(htdocs) such as the mysql_connect script which gives mysql connection information? What permissions should I generally set for files/folders within the web hierarchy? Should all php files be set to a certain permission, such as read only? Any general idea on this would help, it doesn't need to be too detailed