FTP and Apache permission issues

I'm having issues as to which user should own my www directory - ftp or apache? When set to the ftp user, the user can add, remove and easily modify files, but PHP file system actions generate permission denied errors (of course, because they require the user to be apache). If, however, the www directory is chowned to apache, the ftp user won't be able to perform some actions like file modification and deletion. Has anyone ever encountered a similar issue? What's the fix? Thanks


Solution 1:

This is what groups are for.

You can add the ftp user to the apache group, and vice-versa. Or, even better, you could add them to a third group that you create specifically for this purpose.

e.g.

# groupadd mygroup
# usermod -a -G mygroup ftp
# usermod -a -G mygroup apache
# chown -R :mygroup /var/www
# chmod -R g+rw /var/www

Those commands do the following:

  1. Creates new group 'mygroup'
  2. Adds ftp user to mygroup
  3. Adds apache user to mygroup
  4. Recursively grants group ownership to contents of /var/www/ to mygroup
  5. Recursively grants group read & write perms to contents of /var/www/

You just need to make sure that files added in the future belong to the 'mygroup' group and have the appropriate permissions for both apache and ftp to read/write them.

Solution 2:

Most of your content should be owned by a user other than apache. Assuming you use FTP to update your content, you can set all the files to be owned by ftp:apache. I would suggest using SCP or SFTP instead of FTP. Files should have permissions 644 or 640 and directories permissions 755 or 750.

For files and directories the application needs to write to, add group write access.
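
An added example, not part of either answer above: a shell sketch that applies Solution 2's 640/750 baseline, grants group write only on named subdirectories, and sets the setgid bit on directories so that files added later keep the shared group, as Solution 1 requires. The function names, the web root path, the group and the list of writable subdirectories are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: shared-group layout for a web root.
# Assumptions (not from the answers): function names, and that the caller
# passes the web root, the shared group and any writable subdirectories.

# apply_web_perms ROOT GROUP [WRITABLE_SUBDIR...]
apply_web_perms() {
    root=$1; group=$2; shift 2
    chgrp -R "$group" "$root" || return 1
    # Baseline: directories 750, files 640. The leading 2 is the setgid
    # bit, so new entries inherit the directory's group.
    find "$root" -type d -exec chmod 2750 {} +
    find "$root" -type f -exec chmod 640 {} +
    # Group write only where the application has to write.
    for sub in "$@"; do
        [ -d "$root/$sub" ] || continue
        find "$root/$sub" -type d -exec chmod 2770 {} +
        find "$root/$sub" -type f -exec chmod 660 {} +
    done
}

# audit_web_perms ROOT GROUP
# Prints every entry that breaks the layout: wrong group, world-writable,
# or a directory without setgid. Symlinks are skipped (their mode is not
# meaningful).
audit_web_perms() {
    find "$1" ! -type l \( ! -group "$2" -o -perm -0002 \
        -o \( -type d ! -perm -2000 \) \) -print
}
```

The setgid bit only fixes the group of new files; their mode still comes from the umask of the process that creates them, so the FTP daemon and PHP need a umask that leaves the group bits you want (for example 027 for group read-only, 007 for group read/write).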