Fixing permission settings on www folder

August 6, 2019 117 views
Configuration Management LAMP Stack Security Ubuntu 18.04

Hey,

I spun up a new droplet right before the weekend and have been working on setting it up properly for my very small team. I've read a multitude of posts on StackOverflow and ServerFault about how to properly configure the "/etc/www/html" folder permissions.

I can get what seems like proper permissions for my own user, however when I try to log in to another user, they get permission denied regardless if we're in the same group or not.

What I'm aiming at is properly securing the /etc/www/html folder without breaking anything for the www-data user (I'll manually chmod any folder it needs write access to for uploads and such) and giving the group "webmasters" read/write access on "/etc/www/html" so that they can work in it. (Editing files, uploading, etc.)

Can anyone help me out?

1 Answer

Hi Dizzzy,

From what I understand, you want to allow multiple users to edit the same directory, is that correct?

*There are two ways to do this : *

  • Add the users to the www-data's group
  • Add the users to the sudoers group

Add the users to the www-data's group

You can create new users and add them to the www-data's group. That way the new users will have read/write access to the folders with ownership www-data.

You'll start by creating the user by using the adduser command

sudo adduser exampleuser

Next step would be to add the new User Account to the needed the relevant group

 sudo usermod -a -G examplegroup exampleusername

Where the examplegroup is www-data.

Add the users to the sudoers group

You'll start by creating the user by using the adduser command

sudo adduser exampleuser

Then use the usermod command to add the user to the sudo group

sudo usermod -aG sudo exampleuser

Lastly, you can use test if everything was done correctly by using the su command

sudo su - username

Once you are run you can execute something like:

sudo ls -la /etc/www/html

If the directory is listed then you are good to go.

There is something I like to point it. If you add your users to the sudoers group, they'll have access to all files on your server not just /etc/www/html. If this is not something you want, I would suggest using the first method.

Kind regards,
Kalin D.

Have another answer? Share your knowledge.