Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

www-data permissions?

People also ask

What is a www-data user?

www-data is the user that web servers on Ubuntu (Apache, nginx, for example) use by default for normal operation. The web server process can access any file that www-data can access. It has no other importance. (source) On many (not all) distributions, www-data is the user under which the Apache web server runs.

What permissions should var www html have?

root is the default owner of files & folders in /var/www/html folder (which is typically Document Root) for your website. Also the file permissions are 755. It means other users cannot access these files easily.

How do I give permission to VAR www?

chmod g+w /var/www to allow your account to be able to add files to /var/www. If there are any subdirectories beneath /var/www, you will want to do the same chmod command if you need to be able to write to those directories ever.

What does Chown www-data www-data do?

sudo chown -R jknoppf:www-data /var/www/html : This command change the owner of all the directories and files, including /var/www/html , into the user jknoppf , and also change the group owner into the group www-data .


sudo chown -R yourname:www-data cake

then

sudo chmod -R g+s cake

First command changes owner and group.

Second command adds s attribute which will keep new files and directories within cake having the same group permissions.


As stated in an article by Slicehost:

User setup

So let's start by adding the main user to the Apache user group:

sudo usermod -a -G www-data demo

That adds the user 'demo' to the 'www-data' group. Do ensure you use both the -a and the -G options with the usermod command shown above.

You will need to log out and log back in again to enable the group change.

Check the groups now:

groups
...
# demo www-data

So now I am a member of two groups: My own (demo) and the Apache group (www-data).

Folder setup

Now we need to ensure the public_html folder is owned by the main user (demo) and is part of the Apache group (www-data).

Let's set that up:

sudo chgrp -R www-data /home/demo/public_html

As we are talking about permissions I'll add a quick note regarding the sudo command: It's a good habit to use absolute paths (/home/demo/public_html) as shown above rather than relative paths (~/public_html). It ensures sudo is being used in the correct location.

If you have a public_html folder with symlinks in place then be careful with that command as it will follow the symlinks. In those cases of a working public_html folder, change each folder by hand.

Setgid

Good so far, but remember the command we just gave only affects existing folders. What about anything new?

We can set the ownership so anything new is also in the 'www-data' group.

The first command will change the permissions for the public_html directory to include the "setgid" bit:

sudo chmod 2750 /home/demo/public_html

That will ensure that any new files are given the group 'www-data'. If you have subdirectories, you'll want to run that command for each subdirectory (this type of permission doesn't work with '-R'). Fortunately new subdirectories will be created with the 'setgid' bit set automatically.

If we need to allow write access to Apache, to an uploads directory for example, then set the permissions for that directory like so:

sudo chmod 2770 /home/demo/public_html/domain1.com/public/uploads

The permissions only need to be set once as new files will automatically be assigned the correct ownership.


Let's say you want to sftp into a directory sharing reading, writing and executing permissions with www-data, this is what you should do:

1 - Add yourself to www-data group

sudo usermod -a -G www-data <your_user>

2 - Sets the wanted user:group ownership for your folder and files recursively

sudo chown -R <your_user>:www-data <your_folder>

3 - This adds permissions (read write execute) to all users (a+rwx); Restrict permissions from others (o-rwx); Sets the same (folder inherited) user:group for every new file created under that directory (ug+s). This will be executed recursively and only in folder (probably exactly what you want)

sudo find <folder_name> -type d -exec chmod a+rwx,o-rwx,ug+s {} +