View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions /var/www Ownership/Permissions Settings
Log in to Ask a Question

/var/www Ownership/Permissions Settings

development

Hi,

I have a question about ownership I want to throw out there.

What should the ownership settings be for /var/www on a Ubuntu VPS?

root:root? www-data/www-data? (my user):(my user)?

I need two things:

1. To be able to add/modify/delete files myself

2. To allow Apache to add/modify/delete files too (I have a few PHP scripts that do that)

What would you guys recommend?

Thanks in advance for your suggestions!

6 Replies

Having PHP files writable by the webserver opens you up to attacks where someone exploits an existing bug to upload new code that they can run.

Are there any other ways to create files/folders using PHP that are more secure?

1. Leave the files owned by www-data:www-data and "sudo -s" when you need to make edits.

What do you think of me adding myself to the www-data group so I didn't have to do that?

@jzimmerlin:

What do you think of me adding myself to the www-data group so I didn't have to do that?
That would work as long as the PHP files and relevant directories have permissions of 664 (or greater) so the group has write permissions.

Thank you!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct