Which user should own the files in the Apache web folder?
I run Apache (and the whole LAPM stack) on our Linode server which runs CentOS 6 .
I am hosting multiple sites there with Apache virtual hosts and I have created FTP users for each of the sites.
The issue I am now faced with is that the FTP users are not able to upload files.
I have made the files in the vhosts folder (each representing a different website) to be owned by the apache user and the apache group.
Is this the right approach?
Which user is supposed to own the files in the Apache folder?
I would appreciate any response to this issue that would be of any help.
Thanks.
1 Reply
In the simple case, your directories can be owned by the user/group that the files are coming from, and they and the files within can be readable by all.
It is generally a bad idea for Apache to be able to write files, as this can allow security exploits through the web server. However, if your web application has some sort of built-in cache or allows file uploads, those specific directories would need to be writable by Apache.
Things get more complex if you wish to prevent users from seeing each others' files.