Granting write permissions to www-data group
First, useradd
creates a new user. As you (iain) already exist, you want to call usermod
instead. So that would be:
sudo usermod -aG www-data iain
addgroup www-data
(note the -a
on Debian-based servers (Ubuntu included) that will add you to that group, and keep your membership to other groups. Forget it and you will belong to the www-data group only - could be a bad experience if one of them was wheel. On SUSE-type servers the option is -A
instead of -aG
so read man usermod
carefully to get it right.)
Second, you don't want apache to have full rw access to /var/www
: this is potentially a major security breach. As a general rule, allow only what you need, and nothing more (principle of least privilege). In this case, you need apache (www-data
) and you (www-data
group) to write (and read) in /var/www/example.com/public_html
, so
sudo chown -R www-data:www-data /var/www/example.com/public_html
sudo chmod -R 770 /var/www/example.com/public_html
Edit: to answer your original question, yes, any member of www-data
can now read and execute /var/www
(because the last bit of your permissions is 5 = read + exec). But because you haven't used the -R
switch, that applies only to /var/www
, and not to the files and sub-directories it contains. Now, whether they can write is another matter, and depends on the group of /var/www
, which you haven't set. I guess it is typically root:root
, so no, they (probably) can't write.
Edit on 2014-06-22: added a note that -aG
option is valid on Debian-based servers. It apparently varies with the distribution, so read man
carefully before executing.