39

I have a virtual CentOS server with GoDaddy, and I'm having trouble setting up the permissions for /var/www/html.

Users are not allowed to log in as root, or even add themselves to the root group, so here's the corner I've painted myself into:

  • I changed its owner using the following command (I used the user:group that was in httpd.conf):

    chown -R apache:apache /var/www/html
    
  • I added my own user to the apache group:

    usermod -a -G apache myuser
    
  • I changed the permissions:

    chmod 777 /var/www/html -R
    

This is the only way to give my SFTP account the ability to create, change, and delete files in /var/www/html. 777! (The SFTP account uses the same credentials as the ssh account, which means for all intents and purposes they're the same, right?)

I'm obviously new to Linux server admin, but this seems ridiculously insecure. Is there a better way to do all this?

Note: The website I'm planning on putting up here will allow file uploads, cron jobs, etc., so I'm guessing that will complicate the necessary permissions as well. Is that correct?

Update: Using 775 does not appear to work; I can upload/overwrite files, but when I just try to delete them, FileZilla gives me this error:

    rm /var/www/html/index.php: permission denied

I have no idea why, but changing back to 777 "fixes" this.

dicaeopolis
  • 2
    I am a new user to this site, please leave a comment explaining downvotes and how I can improve the question... – dicaeopolis Sep 13 '12 at 20:16
  • 3
    +1 because the downvote is IMO not deserved. I believe the question should however be asked on an alternate site such as serverfault.com or unix.stackexchange.com. – Serge Wautier Sep 13 '12 at 20:25
  • 1
    +1 Thank you very much @dicaeopolis. Your question and your answer as well as Jon Lin helped me finally solve my own problem with `/var/www/html` in Amazon EC2. Thank you so much! – Anthony May 25 '13 at 19:24

3 Answers

30

You just need 775 for /var/www/html as long as you are logging in as myuser. The 7 octal in the middle (which is for "group" acl) ensures that the group has permission to read/write/execute. As long as you belong to the group that owns the files, "myuser" should be able to write to them. You may need to give group permissions to all the files in the document root, though:

    chmod -R g+w /var/www/html

Jon Lin
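
The following shell functions are an added example, not code from the thread: they list what `chmod -R 777` left world-writable, replace it with group-based modes, and show the two things that decide whether a delete over SFTP succeeds (the parent directory's mode and the session's group list). The 2775/0664 modes, the setgid bit and all function names are assumptions chosen for this illustration; it goes slightly beyond the 775 discussed above.

```shell
#!/bin/sh
# Added example: audit and tighten a web root that was opened with chmod 777.

# List files and directories that "other" can write to (what 777 creates).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Replace 777 with group-based access:
#   directories 2775: owner and group may create and delete entries; the
#                     setgid bit makes new uploads inherit the directory's group
#   files       0664: owner and group may edit, everyone else may only read
# Files that must stay executable (e.g. CGI scripts) need their x bit re-added.
tighten_webroot() {
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod 0664 {} +
}

# Deleting a file needs write+execute on its parent directory, not on the file.
# Print the directory entry that decides whether "rm $1" is allowed.
delete_gate() {
    ls -ld "$(dirname "$1")"
}

# Succeeds only if the current login session already carries group $1.
# usermod -a -G changes /etc/group, but a running session keeps its old list
# until the user logs out and back in.
session_has_group() {
    id -nG | tr ' ' '\n' | grep -qx "$1"
}

# Constructed scratch tree standing in for /var/www/html; run with --demo.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/uploads"
    echo '<?php echo "hi";' > "$root/index.php"
    chmod -R 777 "$root"
    echo "world-writable before:"; find_world_writable "$root"
    tighten_webroot "$root"
    echo "world-writable after:";  find_world_writable "$root"
    delete_gate "$root/index.php"
    rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real server, `tighten_webroot /var/www/html` would be run by the account that owns the tree, and `session_has_group apache` from the SFTP/ssh account after logging in again.
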
0

I have just been in a similar position with regard to setting the 777 permissions on the apache website hosting directory. After a little bit of tinkering it seems that changing the group ownership of the folder to the "apache" group allowed access to the folder based on the user group.

1) Make sure that the group ownership of the folder is set to the group apache used / generates for use. (check /etc/groups, mine was www-data on Ubuntu)

2) Set the folder permissions to 774 to stop "everyone" from having any change access, but allowing the owner and group permissions required.

3) Add your user account to the group that has permission on the folder (mine was www-data).

koryo
-29

Log in as root user:

    sudo su

password:

Then go and do what you want to do in var/www

treyBake