Webserver permissions

Roland0 · 9 Feb 2011 at 12:30

G'day peeps,

if i have a webserver with the document root as say '/var/www/example.com/web' and I set '/var/www/example.com/' as a users home directory, so they are chrooted (via FTP) do that directory. What permissions and ownership should I set the 'web' directory to?

It needs to be writable by the user, and I think it may need to be writable by apache as they have wordpress installed, and need it to change plugins etc?

At the moment it is owned by the user, and this doesn't seem to cause apache/wordpress any issues. Is there any documentation, or de-facto standard, on how to get this setup nicely? <with no security issues>

3dcandy · 9 Feb 2011 at 17:57

which distro? ubuntu needs the permissions set to www-data otherwise wordpress won't autoupdate plugins/core/themes properly

Roland0 · 9 Feb 2011 at 18:18

Thanks for the reply 3DCandy. I did the obvious thing and read the wordpress documentation. I seems that the way to do it is to setup the document root and down with the ownership as user:webserver (ie user:apache, in redhat/centos, or user:www-data, under debian). And then set the permissions to user read/write and group readonly, ie 644, all this the exeption of wp-content, which needs group write permissions, 664.

Thanks

3dcandy · 9 Feb 2011 at 19:02

no worries mate...foxed me for a couple of hours too!