Permissions for /var/www/html
I have a virtual CentOS server with GoDaddy, and I'm having trouble setting up the permissions for /var/www/html.
Users are not allowed to log in as root, or even add themselves to the root group, so here's the corner I've painted myself into:
I changed its owner using the following command (I used the user:group that was in
httpd.conf):chown -R apache:apache /var/www/htmlI added my own user to the
apachegroup:usermod -a -G apache myuserI changed the permissions:
chmod 777 /var/www/html -R
This is the only way to give my SFTP account the ability to create, change, and delete files in /var/www/html. 777! (The SFTP account uses the same credentials as the ssh account, which means for all intents and purposes they're the same, right?)
I'm obviously new to Linux server admin, but this seems ridiculously insecure. Is there a better way to do all this?
Note The website I'm planning on putting up here will allow file uploads, cron jobs, etc., so I'm guessing that will complicate the necessary permissions as well. Is that correct?
Update Using 775 does not appear to work; I can upload/overwrite files, but when I just try to delete them, FileZilla gives me this error:
rm /var/www/html/index.php: permission denied
I have no idea why, but changing back to 777 "fixes" this.
Answer
You just need 775 for /var/www/html as long as you are logging in as myuser. The 7 octal in the middle (which is for "group" acl) ensures that the group has permission to read/write/execute. As long as you belong to the group that owns the files, "myuser" should be able to write to them. You may need to give group permissions to all the files in the docuemnt root, though:
chmod -R g+w /var/www/html