0

I run a LAMP server on a ubuntu laptop I use only for development. I am not greatly concerned with security, since the server is never accessible outside the local network, and it's turned off when I'm not using it.

My question is what is the simplest and 'best' way to set permissions/users/groups so that when my myself user creates, edits or writes files in the webroot, I won't need to go through and CHMOD / CHOWN everything back to the www-data user?

Should I add myself to the www-data group? Or chown the webroot to www-data:myself? Or is there a best practice for this situation so I don't have to keep re-setting the ownership of these files?

Thanks

EDIT:

Perhaps it would help to note that I use PHP CMS systems like wordpress pretty extensively-- so it's important that the webserver "user" should be able to write new files-- since otherwise it would not be able to install new plugins, templates etc. in a web directory owned by a user.

user101289
  • 297
  • 1
  • 3
  • 12
  • While we do have tips for securing a LAMP server (http://serverfault.com/q/212269) for production, we don't have them for development servers. – sysadmin1138 Nov 04 '12 at 02:13

1 Answers1

1

With default umask (022) there's no need to chmod/chown files in order to view them via apache.

FINESEC
  • 1,371
  • 7
  • 8
  • Right, but won't the Apache user be unable to write any files in a directory that `myself` has created? So the `myself`-owned files and dirs will be readable but not writeable by `www-data`? – user101289 Nov 03 '12 at 23:02
  • Ordinarily, you do not want `www-data` or `nobody` to have write access to your static web content directories, for fairly obvious reasons. – Skyhawk Nov 03 '12 at 23:33
  • IN the case of a PHP CMS (which I use pretty frequently) the apache user will be writing all kinds of files into the web directory when you install new WP themes, updates, etc. – user101289 Nov 03 '12 at 23:38
  • If you're really lazy you might set umask to 0 in $HOME/.bashrc, but I didn't tell you this. – FINESEC Nov 03 '12 at 23:47