What are the correct permissions when setting up a server (Ubuntu, LEMP)

October 22, 2013 7.1k views
I'm new to all this server config, but I've got a Ubuntu 12.04 x32 with LEMP up and running by following https://www.digitalocean.com/community/articles/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-12-04 …and virtual hosts. I'm a bit confused with permissions. I created a user `www`. But unless I set the permissions on a file to `www-data` wthin my var/www/domain.com/public folder it the site doesn't run properly (no caches etc because of failed write permissions). Problem is, every-time I upload anything via FTP the permissions are `root` on those files.I'm logged in with root so that makes sense. If I log in with www I get permission denied if I try upload anything. Further, I installed git. But when I run `git init` I get Permission denied. Unless I run sudo before it. I kinda get why all this is happening, but could someone explain what permissions I should have on everything to make it all run smoothly?
6 Answers
Erm, dunno. That would make sense wouldn't it! I was under the impression that was a security risk and that I should create a user with lesser powers - hence the www user.

But on FTP I am logged in as root, but when I upload files their permissions are root, and then need changing to www-data to be used.
If you just need to change the owner...
chown www-data:www-data {FILE OR DIRECTORY NAME}
So I need to do that everytime I upload a file? Can't I do something to set those permissions at upload?
[Initial Server Setup](https://www.digitalocean.com/community/articles/initial-server-setup-with-ubuntu-12-04) suggests creating a new user and granting it administration rights. This I followed but my user `www` doesn't appear to have the same rights as `root`.
by Etel Sverdlov
This tutorial covers how to login with root, how to change the root password, how to create a new user, how to give the new user root privileges, how to change the port, and how to disable root login in. This tutorial is written for Ubuntu. When you first create your server, this tutorial explains the first steps you need to take. This tutorial is written for Ubuntu 12.04.
"I was under the impression that was a security risk..."

You are correct.

You need to execute sudo chown -R www-data:www-data /var/www

Also, in the spirit of having things run "smoothly" yet securely, check out: How To Use Filezilla to Transfer and Manage Files Securely on your VPS

by Pablo Carranza
This article will teach you how to use Filezilla to transfer and manage files securely on your VPS.
Have another answer? Share your knowledge.