Non-root user SFTP & /var/www/html permissions

October 9, 2015
Security Ubuntu


So I set up a new Ubuntu 14.04 server with WordPress and I've created a non-root user (admin1) and set up certificate-based auth. I'll be using Secure FTP/SFTP to send content up to the server as needed. My issue is that I don't want FTP but rather ONLY Secure FTP/SFTP, but I cannot upload with this user.

My current file permissions and ownership are Ubuntu server defaults of 755 and www-data:www-data.

I try to upload via SFTP and it says I don't have permission to do so. Yes, this makes sense, but I'm not sure how to fix it without having too lax a permission set.

What are the proper file permissions and ownership I must set to allow upload to /var/www/html without compromising the security of my server?

Is there a way that uploaded files to /var/www/html can have the proper owner of the directory in which they are loaded (www-data:www-data)?

I've tried to set /var/www/html to 775 and add the non-root user admin1 to the var-www group. Is that correct? I'd appreciate any help.


1 comment
  • I'm in the same boat. I've been working in DigitalOcean about 3 days now to get configured. I'm a novice at Linux / Unix. I've made some good progress, but I am stuck at this point now with the permissions for SFTP.

2 Answers

Also, I disabled ROOT in my SSH configuration.

Not an answer…but I too would like to know the best practices for this scenario. How do I give other users read+write access to folders in /var/www using SFTP and/or SSH with keys?

I've seen things along the lines of chroot and/or bind like:

mount --bind /home/actual_share/ /home/someguy/shared/
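
Added example, not part of the original thread: one common way to get what the question asks for is a group-writable web root with the setgid bit on its directories, so files uploaded over SFTP inherit the directory's group. The function names `share_webroot` and `audit_webroot` are hypothetical, and the sketch assumes admin1 has already been added to the web server's group.

```shell
#!/bin/sh
# Added example (not from the thread). On the server in the question this
# would run as root, after:  usermod -aG www-data admin1
# and be called as:          share_webroot /var/www/html www-data

# share_webroot DIR GROUP: group-own the tree, make it group-writable, and
# set setgid on every directory so new files inherit GROUP.
share_webroot() {
    dir=$1 group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    chgrp -R "$group" "$dir" || return 1
    # 2775: rwx for owner and group, r-x for others, setgid bit set.
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    # 664: group-writable, no execute bit, no world write on regular files.
    find "$dir" -type f -exec chmod 664 {} + || return 1
}

# audit_webroot DIR GROUP: print each problem found; return 1 if any exist.
audit_webroot() {
    dir=$1 group=$2
    bad=$(
        find "$dir" ! -group "$group" | sed 's/^/wrong group: /'
        find "$dir" -type d ! -perm -2000 | sed 's/^/no setgid: /'
        find "$dir" ! -type l -perm -0002 | sed 's/^/world-writable: /'
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

The mode of an uploaded file still depends on the SFTP server's umask; OpenSSH's `sftp-server` and `internal-sftp` accept `-u` to set it (for example `-u 0002` keeps uploads group-writable).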