I have a new droplet that will be running multiple client sites. I set up the server to use Varnish, Nginx and MySQL on the latest version of Ubuntu and server blocks in Nginx.
While I have got it all working I’m not sure of the best way to handle ownership of folders.
For instance, following best security practices I created a new user with sudo powers and disabled the root login. I also added an SSH key to that new user (as well as Authy 2-factor authentication) and disabled password authentication.
So now I log in to that new user and then run sudo su to run commands as root.
Say I have a few sites such as
/var/www/example1.com/public/
/var/www/example2.com/public/
/var/www/test.example2.com/public/
Now I can create a separate user for each of those and assign that user/group to each of those site folders which allows me to edit those files through SFTP but then in WordPress I would run into issues where the webserver isn’t running as www-data and thus won’t be able to natively install plugins and such.
I can set each of those to run as www-data:www-data which would avoid the WordPress issues but then I would be unable to easily edit files through SFTP (Transmit). While in general most changes would be through Git/Capistrano, I would want a way to edit on the fly through SFTP as well.
Does anyone have recommendations on the best way to resolve this so that each WordPress site is running as nginx, which is www-data, but also each site has its own ssh user so I can edit files through a Transmit/SFTP program? I also want to make sure each of those SFTP users can only access their site and no others.
Also I will want a single GIT user that will be able to deploy to all those sites as well as a single backup user that will be able to backup all the sites.
Wouldn’t need step by step instructions, rather looking more for the general theory on how to handle this user/group permissions wise. Thanks!