Recommended user:group and directory permissions for web directory?

Question

What is the recommended user, group and directory permissions for the webroot directory?

Let say I have the below directory structure,

/var/www/

     /website-1/htm/
          index.html


     /website-2/html/
          index.html

Currently, I have

drwxr-xr-x  7 root root   4096 Jun 23 14:52 www

drwxr-xr-x 3 root root 4096 Jun 13 04:47 website-1
drwxr-xr-x 3 root root 4096 Jun 23 14:52 website-2

drwxrwxr-x 3 myuser myuser 4096 Aug  8 07:10 html

As you can see, the html folder is owned by my current user and group. I know this is not correct.
I’ve read that it should be www-data but again others I’ve read also are using root and even user accounts.

What would be the “best” recommended user:group and permission?

Answer 1

josvent90 August 12, 2019

Hello, I don’t know if I understood your question well but I had problems with the permissions on my site and the answer to this question helped me a lot, I also wait for you

[https://stackoverflow.com/questions/3740152/how-do-i-change-permissions-for-a-folder-and-all-of-its-subfolders-and-files-in](http://)

Reply Report

bontokiz August 12, 2019

I’m looking for the most secure permissions and what user/group should I give to the root folder of my website, which is the html folder.

I’m asking coz’ I’ve seen a lot of old articles that suggest root as the user and group. Others suggest www-data and others suggest a normal user with specific permissions.

As well as arguments, with 775 vs 755 permissions.

To be honest, I’m confused on what to follow hence I asked.
Reply Report
- KFSys August 12, 2019
  
  Hi bontokiz,
  
  I’m not sure where you checked permissions 775 are a good idea however they are too permissive. I wouldn’t recommend using them.
  
  The standard is actually 755 for folders. Some setups actually use 750 but that’s a different story if you actually host multiple clients on the same server.
  
  If you are hosting your own website, then using 755 should be fine.
  
  Kind regards,
  Kalin D.
  
  Reply Report
  
  bontokiz August 14, 2019
  
  Hi Kdimitrov,
  
  It wasn’t really mentioned as a “good idea” recommendation but it’s what mostly solved other issues.
  
  I will stick with 755 then.
  
  What about the user and group? www-data:www-data?
  
  Reply Report
  
  KFSys August 14, 2019
  
  Hi bontokiz,
  
  I see, it would explain why it was suggested as an answer, as it’s more permissive but yes, sticking with 755 is the better option.
  
  Regarding the user and group, you’ll need to check in which groups does the www-data user belong to
  
  groups www-data
  
  Once you know which groups it belongs to, you can set the ownership to them, so let’s say it belongs to the groups www-data and root, you can either set it as
  
  www-data:root or www-data:www-data whichever you like in this case.
  
  Kind regards,
  Kalin D.
  
  Reply Report
  
  bontokiz August 14, 2019
  
  Hi,
  
  Thank you.
  Last question, should I change all the files and directories inside the html folder to 644 as again suggested in most other forums?
  
  Or should I just run chmod -R 755 html to change the root folder and everything inside it?
  
  Reply Report
  
  KFSys August 14, 2019
  
  Hi there,
  
  folders and files usually have different permissions.
  
  For folders as we discussed, the standard is 755 and for file it’s 644. Having said that, you can run something like
  
  find . -type d -exec chmod 755 {} \; && find . -type f -exec chmod 644 {} \;
  
  Please note this will find all files and folders and change their permissions respectively to 644 and 755 in your current directory recursively. This would mean you need to be sure you are in the correct directory before running the above command.
  
  Another thing you can do is to specify the directory in the command itself
  
  find /path/to/directory -type d -exec chmod 755 {} \; && find /path/to/directory -type f -exec chmod 644 {} \;
  
  I personally prefer the second method but it’s up to you.
  
  Kind regards,
  Kalin D.
  
  Reply Report

Answer 2

bontokiz August 12, 2019

I’m looking for the most secure permissions and what user/group should I give to the root folder of my website, which is the html folder.

I’m asking coz’ I’ve seen a lot of old articles that suggest root as the user and group. Others suggest www-data and others suggest a normal user with specific permissions.

As well as arguments, with 775 vs 755 permissions.

To be honest, I’m confused on what to follow hence I asked.
Reply Report
- KFSys August 12, 2019
  
  Hi bontokiz,
  
  I’m not sure where you checked permissions 775 are a good idea however they are too permissive. I wouldn’t recommend using them.
  
  The standard is actually 755 for folders. Some setups actually use 750 but that’s a different story if you actually host multiple clients on the same server.
  
  If you are hosting your own website, then using 755 should be fine.
  
  Kind regards,
  Kalin D.
  
  Reply Report
  
  bontokiz August 14, 2019
  
  Hi Kdimitrov,
  
  It wasn’t really mentioned as a “good idea” recommendation but it’s what mostly solved other issues.
  
  I will stick with 755 then.
  
  What about the user and group? www-data:www-data?
  
  Reply Report
  
  KFSys August 14, 2019
  
  Hi bontokiz,
  
  I see, it would explain why it was suggested as an answer, as it’s more permissive but yes, sticking with 755 is the better option.
  
  Regarding the user and group, you’ll need to check in which groups does the www-data user belong to
  
  groups www-data
  
  Once you know which groups it belongs to, you can set the ownership to them, so let’s say it belongs to the groups www-data and root, you can either set it as
  
  www-data:root or www-data:www-data whichever you like in this case.
  
  Kind regards,
  Kalin D.
  
  Reply Report
  
  bontokiz August 14, 2019
  
  Hi,
  
  Thank you.
  Last question, should I change all the files and directories inside the html folder to 644 as again suggested in most other forums?
  
  Or should I just run chmod -R 755 html to change the root folder and everything inside it?
  
  Reply Report
  
  KFSys August 14, 2019
  
  Hi there,
  
  folders and files usually have different permissions.
  
  For folders as we discussed, the standard is 755 and for file it’s 644. Having said that, you can run something like
  
  find . -type d -exec chmod 755 {} \; && find . -type f -exec chmod 644 {} \;
  
  Please note this will find all files and folders and change their permissions respectively to 644 and 755 in your current directory recursively. This would mean you need to be sure you are in the correct directory before running the above command.
  
  Another thing you can do is to specify the directory in the command itself
  
  find /path/to/directory -type d -exec chmod 755 {} \; && find /path/to/directory -type f -exec chmod 644 {} \;
  
  I personally prefer the second method but it’s up to you.
  
  Kind regards,
  Kalin D.
  
  Reply Report

Answer 3

bontokiz August 15, 2019

Hi @Kdimitrov

Once again, thanks for the help.

With 755, the group has no Write permissions. This is a problem for my setup because I have another user that uploads/edits the site.

Do you think it’s okay if I will change the /var/www/website/html directory permission to 775 to allow groups from uploading?
And all files and directories inside html will be 644 and 755 respectively.

Also, what’s your take on setting the permissions and user:group of newly created or uploaded files automatically? Ways I’ve read so far are umask and setgid.

Reply Report

KFSys August 15, 2019

Hi bontokiz,

I’m happy to help!

If your setup it’s like that, then yes you can set the permissions of the folder to 775. Having said that, I wouldn’t suggest deploying this kind of setup on a droplet intended for hosting multiple separate websites.

What I would do is create the users with sudo access so they can actually switch as the proper user.

Regarding newly creating files to automatically be created with 644 permissions and files with 755, umask is the way to go.

Kind regards,
Kalin D.
Reply Report

Answer 4

KFSys August 15, 2019

Hi bontokiz,

I’m happy to help!

If your setup it’s like that, then yes you can set the permissions of the folder to 775. Having said that, I wouldn’t suggest deploying this kind of setup on a droplet intended for hosting multiple separate websites.

What I would do is create the users with sudo access so they can actually switch as the proper user.

Regarding newly creating files to automatically be created with 644 permissions and files with 755, umask is the way to go.

Kind regards,
Kalin D.
Reply Report

Related

Question

Recommended user:group and directory permissions for web directory?

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Recommended user:group and directory permissions for web directory?

Related

Leave a comment

Related

question

What is the virtual host configuration for a ZF3 application with nginx?

question

It has been 3 days and my domain is still not active

question

After applying cloud firewall my site is not working!!

question

WHat does 'thr'mean in htop

Looking for something else?