Proper permissions for web server's directory
I have a doubt that I think is very basic but to which strangely I couldn’t find a concrete answer no matter how much I’ve googled for it.
When configuring a web server (Nginx, in my case), most people recommend setting the permissions as follows:
- Create a new user other than root, and add it to the www-data group.
- Set the ownership of /var/www to the www-data user and www-data group.
- Directories 755
- Files 644
This means that:
- The user owner of the directory (www-data) can read, write and execute.
- The assigned group (www-data, where my user is) can read and execute, but not write.
- Everyone else can read and execute, but not write.
The problem with this is that, if the permissions are set in this way, I can’t edit files from the FTP because my user doesn’t have write permissions; this would require allowing the group to write adjusting the permissions like this:
- Directories 775
- Files 664
However, I don’t know if this could be a security issue, or why do people recommend doing it the other way if it doesn’t work through FTP. So, what is the most appropriate way to set permissions for the server directory?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.