[linux] Permissions for /var/www/html

I have a virtual CentOS server with GoDaddy, and I'm having trouble setting up the permissions for /var/www/html.

Users are not allowed to log in as root, or even add themselves to the root group, so here's the corner I've painted myself into:

  • I changed its owner using the following command (I used the user:group that was in httpd.conf):

    chown -R apache:apache /var/www/html
    
  • I added my own user to the apache group:

    usermod -a -G apache myuser
    
  • I changed the permissions:

    chmod 777 /var/www/html -R
    

This is the only way to give my SFTP account the ability to create, change, and delete files in /var/www/html. 777! (The SFTP account uses the same credentials as the ssh account, which means for all intents and purposes they're the same, right?)

I'm obviously new to Linux server admin, but this seems ridiculously insecure. Is there a better way to do all this?

Note The website I'm planning on putting up here will allow file uploads, cron jobs, etc., so I'm guessing that will complicate the necessary permissions as well. Is that correct?

Update Using 775 does not appear to work; I can upload/overwrite files, but when I just try to delete them, FileZilla gives me this error:

rm /var/www/html/index.php: permission denied

I have no idea why, but changing back to 777 "fixes" this.

This question is related to linux apache permissions sftp

The answer is


You just need 775 for /var/www/html as long as you are logging in as myuser. The 7 octal in the middle (which is for "group" acl) ensures that the group has permission to read/write/execute. As long as you belong to the group that owns the files, "myuser" should be able to write to them. You may need to give group permissions to all the files in the docuemnt root, though:

chmod -R g+w /var/www/html

I have just been in a similar position with regards to setting the 777 permissions on the apache website hosting directory. After a little bit of tinkering it seems that changing the group ownership of the folder to the "apache" group allowed access to the folder based on the user group.

1) make sure that the group ownership of the folder is set to the group apache used / generates for use. (check /etc/groups, mine was www-data on Ubuntu)

2) set the folder permissions to 774 to stop "everyone" from having any change access, but allowing the owner and group permissions required.

3) add your user account to the group that has permission on the folder (mine was www-data).


log in as root user:

sudo su

password:

then go and do what you want to do in var/www


Examples related to linux

grep's at sign caught as whitespace How to prevent Google Colab from disconnecting? "E: Unable to locate package python-pip" on Ubuntu 18.04 How to upgrade Python version to 3.7? Install Qt on Ubuntu Get first line of a shell command's output Cannot connect to the Docker daemon at unix:/var/run/docker.sock. Is the docker daemon running? Run bash command on jenkins pipeline How to uninstall an older PHP version from centOS7 How to update-alternatives to Python 3 without breaking apt?

Examples related to apache

Enable PHP Apache2 Switch php versions on commandline ubuntu 16.04 Laravel: PDOException: could not find driver How to deploy a React App on Apache web server Apache POI error loading XSSFWorkbook class How to enable directory listing in apache web server Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details How to enable php7 module in apache? java.lang.RuntimeException: Unable to instantiate org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient The program can't start because api-ms-win-crt-runtime-l1-1-0.dll is missing while starting Apache server on my computer

Examples related to permissions

On npm install: Unhandled rejection Error: EACCES: permission denied Warnings Your Apk Is Using Permissions That Require A Privacy Policy: (android.permission.READ_PHONE_STATE) ActivityCompat.requestPermissions not showing dialog box PostgreSQL: role is not permitted to log in Android 6.0 multiple permissions Storage permission error in Marshmallow Android M Permissions: onRequestPermissionsResult() not being called pip install failing with: OSError: [Errno 13] Permission denied on directory SSH Key: “Permissions 0644 for 'id_rsa.pub' are too open.” on mac changing the owner of folder in linux

Examples related to sftp

Upload file to SFTP using PowerShell Google Drive as FTP Server Schedule automatic daily upload with FileZilla FTP/SFTP access to an Amazon S3 Bucket Download files from SFTP with SSH.NET library scp or sftp copy multiple files with single command Single line sftp from terminal Batch file for PuTTY/PSFTP file transfer automation Secure FTP using Windows batch script SFTP file transfer using Java JSch