
I am working on Debian 10 with PHP 8 FPM + Apache 2. I've created a new user with a group username:username, and I've set a home directory for this user located at

/home/username/www

Of course I've chmod -R'ed all the folders and files to username:username; before, it was www-data when the files were inside /var/html.

So basically I have a small script trying to write a cache folder, but it is not working when I chmod the folders to username:username; it only works if I chmod the folders to www-data?

The cache folder is chown 755, and it works fine if owned by www-data, not username.

Is it possible to allow username to have write permission like www-data?

PS: username is an example for the real one.

Mr Sparrow
  • My own approach: set chown user:www-data, chmod 750, and 770 only on directories that should be writable by Apache. This way the user is the owner and can do anything, www-data has read access (or +write when needed), and others are denied. – Chris Sep 18 '21 at 11:00
  • @Chris can you post your full answer? If it works I'll mark it as solved. – Mr Sparrow Sep 19 '21 at 13:55

2 Answers


A possible approach to let username control stuff, while www-data has read-only access for security reasons and write access only where it's needed:

  • Set username as owner and www-data as group:

    chown -R username:www-data /home/username/www
    
  • Give full access to the owner (read/write/exec: 7) and read-only access to the group (read/exec: 5). Others get no access (0).

    chmod -R 750 /home/username/www
    
  • Give write access to www-data where it's needed:

    chmod -R 770 /home/username/www/path/writable/by/webserver
    

Files created by the web server will be fully owned by itself (www-data:www-data), but the directory owner (username) can still move them.

Chris
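
The 750/770 layout described in this answer, as an added audit script that is not part of the original answer: it reports anything under the web root that is accessible to "other" or group-writable outside the directories you name as web-server-writable. It checks mode bits only (not owner/group) and assumes paths without whitespace.

```shell
#!/bin/sh
# Added audit script (not part of the answer): verify a web root follows the
# "750 everywhere, 770 only where the web server must write" layout.
# Only mode bits are checked; owner/group are not. Paths are assumed to
# contain no whitespace.
#
# Usage: audit_webroot WEBROOT [GROUP_WRITABLE_DIR ...]
# Prints one line per violation; returns 0 if clean, 1 otherwise.
audit_webroot() {
  root=$1; shift
  allowed=$*          # directories allowed to carry the group-write bit
  violations=0

  # 1. Nothing under the root may be readable, writable or executable by
  #    "other": the last octal digit of every mode must be 0.
  for p in $(find "$root" \( -perm -o+r -o -perm -o+w -o -perm -o+x \)); do
    echo "world-accessible: $p"
    violations=$((violations + 1))
  done

  # 2. Group write (the www-data half of 770) is permitted only at, or
  #    below, the directories passed as GROUP_WRITABLE_DIR.
  for p in $(find "$root" -perm -g+w); do
    ok=0
    for a in $allowed; do
      case $p in "$a" | "$a"/*) ok=1 ;; esac
    done
    if [ "$ok" -eq 0 ]; then
      echo "group-writable outside allowed dirs: $p"
      violations=$((violations + 1))
    fi
  done

  [ "$violations" -eq 0 ]
}

# Stand-alone use, e.g.:
#   audit_webroot /home/username/www /home/username/www/cache
if [ "$#" -gt 0 ]; then
  audit_webroot "$@"
fi
```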

By default, when you install PHP-FPM it installs a single pool which runs as the www-data user. If you change the user and group in /etc/php/8.0/fpm/pool.d/www.conf to the right user, then your script will run as the user, and www-data will not need write permissions.

Your config has these 2 lines by default:

user = www-data
group = www-data

Replace those lines with:

user = username
group = username

Restart the FPM daemon:

service php8.0-fpm restart

ThatGraemeGuy