Question

Non-root user SFTP & /var/www/html permissions

Posted October 9, 2015 3.7k views
UbuntuSecurity

Hi,

So I set up a new Ubuntu 14.04 server with Wordpress and I’ve created a non-root user (admin1) and set up certificate based auth. I’ll be using Secure FTP/SFTP content up to the server as needed. My issue is that I don’t want FTP but rather ONLY Secure FTP/SFTP but I cannot upload with this user.

My current file permissions and ownership are Ubuntu server defaults of 755 and www-data:www-data.

Problem:
I try to upload via SFTP and it says I don’t have permission to do so. Yes, this make sense but I’m not sure how to fix it without having too lax a permission set.

Question(s):
What are the proper file permissions and ownership I must set to allow upload to /var/www/html without compromising the security of my server?

Is there a way that uploaded files to /var/www/html can have the proper owner of the directory in which they are loaded (www-data:www-data)?

I’ve tried to set /var/www/html to 775 and add the non-root user admin1 to the var-www group. Is that correct? I’d appreciate any help.

Thanks!

1 comment
  • I’m in the same boat. I’ve been working in DigitalOcean about 3 days now to get configured. I’m a novice at Linux / Unix. I’ve made some good progress, but I am stuck at this point now with the permissions for SFTP.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Also, I disabled ROOT in my SSH configuration.

Not an answer…but I too would like to know the best practices for this scenario. How do I give other users read+write access to folders in /var/www using SFTP and/or SSH with keys?

I’ve seen things along the lines of chroot and/or bind like:

mount --bind /home/actual_share/ /home/someguy/shared/
Submit an Answer