Webserver permissions once and for all
So after hours and hours of looking around tons of links and websites, all pointing people in different directions in terms of “the correct” or “best practice” for file-permissions on a webserver, I still haven’t found a solid answer.
What also surprises me is that I have seen no real information in official documentation regarding such a vital aspect of configuring a webserver on nginx (or apache for that matter).
I have the following scenarios that will need to be taken care of:
- Of course my web-server needs to execute/read/write to files
- My nginx is run by www-data and /var/www/html/ folder is owned by www-data user & group
- I need my deployment service to write/delete in /var/www/html. It has its own user and is a part of www-data group.
- I need my own user to be able to write/delete (when configuring, testing, changing, etc), without using sudo. I am also a part of
Currently I’m inclined to use 775 on everything, but I know and feel this is wrong.
chmod 775 -R /var/www/html the permission syms looks weird: drwxrwsr-x (it seems to be an invalid one, and no online chmod calculator I have found can translate it to anything - they all say it’s invalid). The ls -la command in /var/www returns this:
mattias@jwlry:/var/www$ ls -la
total 12
drwxrwsr-x 3 www-data www-data 4096 Sep 24 17:05 .
drwxr-xr-x 14 root root 4096 Sep 24 17:05 ..
drwxrwsr-x 4 www-data www-data 4096 Sep 25 09:45 html
Please enlighten me
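
The mode string quoted in the question, decoded by an added example that is not part of the original post: the `s` in the group execute slot is the setgid bit, so `drwxrwsr-x` is octal 2775. The function names `parse_mode` and `describe` are hypothetical, and the parser goes beyond the one string in the post to cover the setuid and sticky variants as well.

```python
import stat

# Special bits are shown in the execute slot of each triad:
# user -> setuid (s/S), group -> setgid (s/S), other -> sticky (t/T).
# Lower case: execute is also set. Upper case: execute is not set.
SPECIAL = [(stat.S_ISUID, "s", "S"), (stat.S_ISGID, "s", "S"), (stat.S_ISVTX, "t", "T")]
TYPES = {"-": "file", "d": "directory", "l": "symlink"}


def parse_mode(text):
    """Convert an ls-style string such as 'drwxrwsr-x' to (type_char, mode_bits)."""
    if len(text) != 10 or text[0] not in TYPES:
        raise ValueError(f"unsupported mode string: {text!r}")
    mode = 0
    for i, (special, low, up) in enumerate(SPECIAL):
        r, w, x = text[1 + 3 * i: 4 + 3 * i]
        shift = 6 - 3 * i  # user = 6, group = 3, other = 0
        if r not in ("r", "-") or w not in ("w", "-") or x not in ("x", "-", low, up):
            raise ValueError(f"invalid character in triad {i}: {text!r}")
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x in ("x", low):
            mode |= 1 << shift
        if x in (low, up):
            mode |= special
    return text[0], mode


def describe(text):
    """Return (octal string, notes) for a mode string."""
    kind, mode = parse_mode(text)
    notes = []
    if kind == "d" and mode & stat.S_ISGID:
        notes.append("setgid directory: new entries inherit the directory's group")
    if mode & stat.S_IWOTH:
        notes.append("writable by every local user")
    return f"{mode:04o}", notes


if __name__ == "__main__":
    # Constructed sample: the three mode strings from the ls output in the post.
    for sample in ("drwxrwsr-x", "drwxr-xr-x", "drwxrwsr-x"):
        print(sample, *describe(sample))
```
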