How to correctly set up Linux www folder permissions on a web server.
A quick setup for setting correct web folder permissions on a web server, granting write access to users who belong to a specified group.
Please note that separating users’ permissions requires multiple groups, and this quick tutorial doesn’t cover that scenario.
Step 1: Add users to your web server group
You can find out which group folders and files belong to by simply running:
This should show a list where the 4th column indicates the group name, e.g.:
-rw-r--r-- 1 john developers 244 Jan 21 16:06 index.htm
In the above example ‘developers’ is the group name and ‘john’ is the user who owns the file. So, the file belongs to ‘john’, but users in the ‘developers’ group will also have access to it.
On Linux CentOS 6.3, Apache by default adds the web folder to the ‘www-data’ group. Therefore, I will add the users that should have access to it to this group:
sudo usermod -a -G www-data user1
Now that the user has been added to our web group called ‘www-data’ (which is owned by a user with exactly the same name), it’s time to enforce that all new content created under your web directory belongs to the ‘www-data’ group as well, so both users and the web server can access it.
Step 2: Change folder permissions recursively
Go to your web folder where web sites reside (e.g. cd /var/www) and run:
chmod 2774 -R .
All folders’ permissions inside your web directory should now look like:
drwxrwsr-- 1 john www-data 244 Mar 12 11:34 somesitefolder.com
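A variant of Step 2, added here as an example and not part of the original tutorial: the recursive chmod 2774 also puts the setgid and execute bits on every regular file, so the functions below (hypothetical names) list such files and then apply 2774 to directories only, with 664 for files as an assumed choice. It assumes GNU find, chmod and stat, and runs on a constructed tree in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.
# Assumes GNU find, chmod and stat.

# List regular files carrying setgid or any execute bit, which is what
# a recursive "chmod 2774 -R ." leaves on every file under the web root.
audit_web_files() {
    find "$1" -type f \( -perm -2000 -o -perm /111 \) -print
}

# Apply the tutorial's 2774 (rwxrwsr--) to directories only, so new content
# inherits the group; regular files get 664 (assumed choice: group-writable,
# not executable, no setgid).
set_web_perms() {
    find "$1" -type d -exec chmod 2774 {} +
    find "$1" -type f -exec chmod 664 {} +
}

# Demo on a constructed tree in a temporary directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/somesitefolder.com/css"
    echo '<html></html>' > "$root/somesitefolder.com/index.htm"
    echo 'body{}' > "$root/somesitefolder.com/css/site.css"

    chmod -R 2774 "$root"                 # what Step 2 does
    echo "files flagged after recursive 2774:"
    audit_web_files "$root"

    set_web_perms "$root"                 # directories 2774, files 664
    echo "files flagged after directory-only setgid:"
    audit_web_files "$root"
    stat -c '%A %n' "$root/somesitefolder.com" "$root/somesitefolder.com/index.htm"
    rm -rf "$root"
}

demo
```

To use it on a real web root, call audit_web_files and set_web_perms with the path from Step 2 (e.g. /var/www) instead of running demo.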
In order to remove users from groups use:
gpasswd -d user group