Apache directory structure

Here's my scenario. I have a Linode 360 running Debian Lenny with only one user (myself) serving a couple of personal websites, no other users exist on the machine besides normal system accounts, root, etc.

I have everything residing in /var/www/my.domain1, /var/www/mydomain.2 etc.

I have changed the owner/group to www-data for the entire /var/www directory and subdirectories from root for security reasons.

I use my normal user for all administration and uploading/creating html, php files etc. The problem I have run into, however, is that when I create new files they are then owned by my user account (as expected) and then I do a chown to www-data. This is becoming a little labor intensive given the amount of files I have been dealing with. I would like the files to be owned by www-data from the moment they are created without actually having to login as that user.

Is there an easier, more preferred method to what I am trying to accomplish here without re-inventing the wheel?

3 Replies

In general, I wouldn't have web files owned by www-data. If there's a vulnerability in the web server or in your php/ruby/python/whatever, they'll be able to do nasty things like modify your htaccess to redirect to bad sites. The only files/directories that the web server needs write access to are upload/tmp directories and that's easy. For everything else, apache should only have read access and the easiest way to do that is to give all files 644 permissions, all directories 755 permissions and make everything owned by a different user.

btmorex is right, but if you really need to chown a lot of files at once:

chown -Rv www-data:www-data /var/www

You could even write a bash script that does this whenever you need.

You could add your account to the www-data group, then put the setgid bit on your document root directory (e.g., chmod g+xs /var/www). (You'd also need to do this to any existing subdirectories.) Any files you created there would then be owned by you, but would be assigned to the www-data group. You'd then need to manage what permissions the group has to the files (read-only vs. read-write).
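As an added example (not code from any of the replies above), a short POSIX shell script that applies the layout the replies describe: setgid directories so new files inherit the directory's group, 644 for files and 755 for directories, and a single upload directory that the web group may write to, plus an audit function that lists anything still group- or world-writable outside that directory. The paths, the upload directory name and the use of the caller's own group instead of www-data (so it runs without root) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a POSIX shell with find and chmod.
# On the poster's Debian box the directory group would be www-data, set once as
# root with: chgrp -R www-data /var/www  (placeholder, not run here). Afterwards
# every directory carries the setgid bit, so files the admin user creates are
# owned by that user but assigned to the www-data group automatically.

harden_docroot() {
    docroot=$1    # e.g. /var/www/my.domain1
    upload=$2     # the one directory the web server is allowed to write to
    # Directories: 2755 = setgid + rwxr-xr-x. New files inherit the group.
    find "$docroot" -type d -exec chmod 2755 {} +
    # Files: rw-r--r--. Apache only needs to read them.
    find "$docroot" -type f -exec chmod 644 {} +
    # Upload/tmp directory: group may write, setgid kept so uploads share the group.
    chmod 2775 "$upload"
}

# Print every path under docroot that is writable by group or others, skipping
# the upload directory. Any line of output is a finding worth looking at.
audit_docroot() {
    docroot=$1
    upload=$2
    find "$docroot" -path "$upload" -prune -o \
        \( -perm -020 -o -perm -002 \) -print
}

# Usage:
#   harden_docroot /var/www/my.domain1 /var/www/my.domain1/uploads
#   audit_docroot  /var/www/my.domain1 /var/www/my.domain1/uploads
```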
