Are these webroot permissions correct ?
I’m relatively new to permissions, so I might be doing this wrong, which is why I am checking with you (the reader). I have been wondering how I would have to set my webroot permissions for ‘regular website hosting’ on my VPS. I understand there are tens of ways of doing it, depending on the security one needs, but after reading some tutorials I came to the following situation :
1.) sudo chown -R <myself>:www-data /var/www
2.) sudo chmod -R 755 /var/www
3.) sudo chmod g+s /var/www
1.) I’m setting <myself> and the www-data group as owners of the webroot.
2.) I’m changing the permissions recursively on the webroot so that <myself> has all permissions, NGINX has read & execute and the world also has read & execute.
3.) New files that are added (through SFTP or the shell) will inherit the same configuration of permissions / ownership.
In case of dynamic pages generated by wordpress I will leave it this way but set different permissions for folder where NGINX needs to write, such as 'upload’ folders, and / or 'plugin’ folders. etc.
1.) sudo chmod 775 /var/www/… <upload>
2.) sudo chmod 775 /var/www/… <plugin folder>
The question however is : I am doing all this in the right way ? Or am I going about it all wrong ?
Thanks in advance