0

I've got a Debian VPS set up with a LAMP-stack. My apache2 instance runs on the user account 'www-data'.

In addition to the root account and the service accounts I have several user accounts belonging to friends, family and myself that includes FTP-access. This is to allow the users to drop files to the root of their domain which is located in their home folder.

I am having issues with setting the correct permissions so that Apache is able to serve the content ("403 Forbidden"). I could just do a 'chmod -R 755 *' on the entire www-directory for each domain, but from what I gather that's not a good idea.

Here's an example of the structure:
apache2 is run by 'www-data'
User 'john' has this home folder structure
/home/john/domains/somedomain.com/www
/home/john/domains/sub.somedomain.com/www

How can I keep things safe while still allowing users to upload content via FTP, and allow for file-uploads in lets say Wordpress?

John
  • 201
  • 1
  • 3
  • 10

1 Answers1

0

With published content, it's typical for permissions to be:

  • 755 for directories and CGI
  • 644 for static content

Now, if you're doing file uploads with Wordpress, you would need the upload directory to be group owned by www-data and permissions of 775. You might want the SGID bit set.

Depending on what the uploads are for it could be advised to keep out of the Web tree for security purposes, as this could be a penetration point.

Things get more complicated if you want multiple users manipulating the same content or have a multi-user hosting environment.

Warner
  • 23,756
  • 2
  • 59
  • 69