14 Mar 2013

Read Write and Delete - Easy Apache web root permissions for Ubuntu SFTP and FTP users

Setting up (and running) your own web server (or doing so for clients) is an interesting and sometimes frustrating area, and for various reasons I don't think there's a more confusing component than setting correct permissions on the chosen web root (invariably /var/www for Ubuntu).
Everyone seems to have their own method, and I too have my own procedure. For anyone interested, here's my simple breakdown along with explanations of each stage. Hope it helps.

User and group ownership is the most important top-level consideration. I find that leaving the default user ownership as root, with group ownership changed to the web group (www-data on Ubuntu), works for me. From the CLI, we first make sure our user is a member of the correct group. I'm using 'newuser' as my username and /var/www as the default web root:

$ sudo usermod -a -G www-data newuser

All good, now we just need to set up permissions on /var/www:

$ sudo chown -R root:www-data /var/www
$ sudo chgrp www-data /var/www

The next stages I apply to both populated and empty /var/www. We're setting file permissions to 664, folder permissions to 775:

$ sudo find /var/www -type f -exec chmod 664 {} \;
$ sudo find /var/www -type d -exec chmod 775 {} \;

And that's my simple method, allowing SFTP R/W access for 'newuser' whilst happily serving all files on the web side due to the www-data group tie-in. For various other reasons I also make sure the Apache mod_rewrite module is enabled and AllowOverride All is set in the relevant places (for a default /var/www single site you'll want to be checking /etc/apache2/sites-enabled/000-default).
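
An added example, not part of the original post: shell functions that audit a web root against the 664/775 scheme above and show why the two find passes should call chmod without -R (with -R, the directory pass resets every file beneath it to 775). The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# count_bad DIR -> number of files not 664 plus directories not 775
count_bad() {
    { find "$1" -type f ! -perm 664; find "$1" -type d ! -perm 775; } \
        | wc -l | tr -d ' '
}

# audit_modes DIR -> list every entry that deviates from the 664/775 scheme
audit_modes() {
    find "$1" -type f ! -perm 664 -exec ls -ld {} +
    find "$1" -type d ! -perm 775 -exec ls -ld {} +
}

# audit_owner DIR GROUP -> list entries not owned by root:GROUP
audit_owner() {
    find "$1" \( ! -user root -o ! -group "$2" \) -exec ls -ld {} +
}

# apply_modes DIR -> set modes without -R, so the directory pass
# cannot overwrite what the file pass just set
apply_modes() {
    find "$1" -type f -exec chmod 664 {} +
    find "$1" -type d -exec chmod 775 {} +
}

# apply_modes_recursive DIR -> the same two passes with chmod -R:
# "chmod -R 775" on each directory also resets every file below it to 775
apply_modes_recursive() {
    find "$1" -type f -exec chmod -R 664 {} \;
    find "$1" -type d -exec chmod -R 775 {} \;
}

# Usage: sh audit.sh /var/www [group]   (group defaults to www-data)
if [ "$#" -gt 0 ]; then
    audit_modes "$1"
    audit_owner "$1" "${2:-www-data}"
    echo "entries with unexpected modes: $(count_bad "$1")"
fi
```

Run it against the web root after any bulk permission change; an empty listing means every file is 664, every directory is 775 and ownership is root plus the web group.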

