How to properly setup user/groups/permissions for a web server?

December 27, 2013 3.6k views
Hello, I spent all day figuring this out, but without success, so hopefully I can get some help here: I have Ubuntu 13.10 VPS server with nginx, PHP 5 and MariaDB installed. I created custom system user (for example "myuser") which I use for connecting through SFTP to my server. In my user home directory I created "public_html" dir for my web root. What I am trying to accomplish is that if I copy my files through SFTP (or rsync as well) they will be working not only with my user, but also with the PHP/server. For example if I install WP it has no permissions to write in files as I am the owner of them. (therefore cannot upload files, install themes, plugins etc.) However this is not a WP problem, but overall user/group/permission setup problem I was playing around with directory sgid, umask, assigning myself to www-data etc. but cannot find the right way to do this. (without manually chmod my files) For example on my ex-shared hosting I just uploaded a file where I am the owner and there is no problem with permissions. Running nginx/php under my user I consider as not secure. Please help me with this issue - I need a stable and secure option. P.S. I know I can chmod my files after I upload/create them, but this is not a solution as it is very time consuming/overhelming. I need to automate this process and I believe there is a proper solution. Thank you.
3 Answers
"I have Ubuntu 13.10 VPS server..."

If you plan on this being a production server, you don't want to use 13.10 (use 12.04.3 LTS, instead).

"For example if I install WP..."

Is there a reason why you don't want to install WordPress as prescribed, here: How To Install Wordpress with nginx on Ubuntu 12.04?
by Etel Sverdlov
Wordpress is a free and open source website and blogging tool that uses php and MySQL. It was created in 2003 and has since then expanded to manage 22% of all the new websites created and has over 20,000 plugins to customize its functionality. This tutorial shows how to install Wordpress on a server with LEMP (with nginx instead of apache). It is written for Ubuntu 12.04.
May I ask you what is wrong with 13.10? Are there any security issues?

As I said it is not only about WP, WP was just example..
Wrong? It's not a matter of there being anything wrong, as opposed to best-practices. By going with a non-LTS (Long Term Support) release, you'll have to upgrade your operating system every 6 months -- which can be a very labor-intensive process -- and can cause more disruption than needed on a production server.
Have another answer? Share your knowledge.