Question

What are the correct permissions when setting up a server (Ubuntu, LEMP)

I’m new to all this server config, but I’ve got a Ubuntu 12.04 x32 with LEMP up and running by following https://www.digitalocean.com/community/articles/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-12-04

…and virtual hosts.

I’m a bit confused with permissions. I created a user www. But unless I set the permissions on a file to www-data wthin my var/www/domain.com/public folder it the site doesn’t run properly (no caches etc because of failed write permissions). Problem is, every-time I upload anything via FTP the permissions are root on those files.I’m logged in with root so that makes sense. If I log in with www I get permission denied if I try upload anything.

Further, I installed git. But when I run git init I get Permission denied. Unless I run sudo before it.

I kinda get why all this is happening, but could someone explain what permissions I should have on everything to make it all run smoothly?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

<b>“I was under the impression that was a security risk…”</b> <br> <br>You are correct. <br> <br>You need to execute <code>sudo chown -R www-data:www-data /var/www</code> <br> <br>Also, in the spirit of having things run “smoothly” yet securely, check out: <a href=“https://www.digitalocean.com/community/articles/how-to-use-filezilla-to-transfer-and-manage-files-securely-on-your-vps”>How To Use Filezilla to Transfer and Manage Files Securely on your VPS</a> <br> <br>

Initial Server Setup suggests creating a new user and granting it administration rights. This I followed but my user www doesn’t appear to have the same rights as root.

So I need to do that everytime I upload a file? Can’t I do something to set those permissions at upload?