Should I enable a password for user www-data?

June 20, 2015 11.1k views
Apache WordPress Ubuntu

In Ubuntu-Apache-Wordpress files under /var/www are owned by www-data user and www-data group.

If I login as root or other username I have to manually change ownership every time I upload files. I think it would be easier to just login as www-data.

What is the best practice here?

Is www-data some kind of special user?

What is the password for this user? Should I change it?

6 comments
  • I use this method:

    http://blog.netgusto.com/solving-web-file-permissions-problem-once-and-for-all/

    which allows me to have www mounted in my users home folder. Anything I add to that www folder as my user will automatically have permissions set for www-data

    It works great, and takes only a few minutes to set up, and solves all those permission issues for www-data

    The tutorial sets it up for a user called devone, but I just changed that to my username

  • Great!!

    Is it safe then to give users their FTP and trust they won't mess anything on their neighbours?

  • FTP is not safe. sFTP is.

    If you only mount the folders inside each users home directory that they should have access to, then it would be ok.
    I am not sure how you have things set up...but something like:

    user1 website is in /var/www/website1

    so you mount /var/www/website1 into /home/user1/website1

    that would work.

  • @sierracircle Isn't it safe if you lock the user to a directory?
    You can e.g. chroot it.

  • the unsafe thing about ftp is that it sends username and password as plain-text.

    So when you log in to an FTP account, anyone watching your network traffic can easily intercept the username and password.

    It is generally considered a bad idea to use FTP for much of anything these days. sFTP is simple to set up and encrypts your information, and can be used from most FTP clients (with the exception of Windows Explorer, unless you use a plugin called SWISH)

  • Ok get it, never use ftp. Thanks

2 Answers

This question was answered by @sierracircle:

I use this method:

http://blog.netgusto.com/solving-web-file-permissions-problem-once-and-for-all/

which allows me to have www mounted in my users home folder. Anything I add to that www folder as my user will automatically have permissions set for www-data

It works great, and takes only a few minutes to set up, and solves all those permission issues for www-data

The tutorial sets it up for a user called devone, but I just changed that to my username

View the original comment

The simplest way I found is using ServerPilot

Have another answer? Share your knowledge.