A golden rule: you should never manage a website from your home directory. NEVER. You should not give the web server the opportunity to go through /home/ and see the directory structure and all the other subfolders. A poorly configured, unconfigured or unpatched web server can cause a huge loss of data or of credentials, likely putting the personal data and access of different users at risk.

First, you need to create the production directory within /var/www/html. We will then check the permissions so that you and the web server can access any content in that directory, and give your user full read/write access to all files and directories. Then you just work in /var/www/html for your website.

After creating the content in /var/www/html:

  1. Give Apache access to the folders and files, so that it can serve the site without 403 errors.
  2. Give your user read/write rights on the files and folders, plus the ability to read the directory contents.
  3. (Optional but recommended) Set things up so that every file or folder created from now on in this directory structure gets www-data as its group.
  4. (Optional) Final security cleanup. We set the permissions so that your user and the web server can see the site data, but other users cannot access the files or the directory structure of the site.

(1) Allowing Apache access to folders and files.

sudo chgrp -R www-data /var/www/html
sudo find /var/www/html -type d -exec chmod g+rx {} +
sudo find /var/www/html -type f -exec chmod g+r {} +

This recursively sets the "group" to www-data for the folders and files. This gives the web server permission to access the directory structure of your site's document root. It also ensures that the web server has read permission on all files, so that the site data can be served.

There may be times when you have to give the web server write permission to a file or to a directory. This can be done with sudo chmod g+w /var/www/html/PATH (where PATH is the path to the file or folder in the directory tree where you need to apply write permission for the web server).

NOTICE: There are many cases where this can expose "secure" information in a site's configuration (such as database login credentials, etc.), and you should remove the permissions of other users to access that data on those individual files or directories with the following: sudo chmod o-rwx /var/www/html/FILEPATH (replacing FILEPATH with the path of the file relative to /var/www/html).

Also note that you may need to re-run these commands in the future if "new files" get a 403 error.

(2) Give the owner read/write privileges on the folders and files, and allow folder access so the directory structure can be traversed.

sudo chown -R USER /var/www/html/
sudo find /var/www/html -type d -exec chmod u+rwx {} +
sudo find /var/www/html -type f -exec chmod u+rw {} +

We do three things here. First, we set your account as the "owner" of all files and directories in /var/www/html. Then we set read and write permissions on the folders and allow you to enter them (the +x bit on the directories). Finally, we set all the files so that the owner has read/write permission.

(3) (Optional) Ensure that each new file is created with www-data as the "privileged" group.

sudo find /var/www/html -type d -exec chmod g+s {} +

This sets the "set gid" bit for the group on the directories. Files and folders created within these directories will always have www-data as their group, allowing the web server access.

(4) (Optional) Final security cleanup, if you do not want other users to see the data.

Our user needs to see the directories and files, and so does the web server. We may not want other system users (except root) to be able to see the data. So we give access to those two, and make sure that only our user and the web server can see the data.

sudo chmod -R o-rwx /var/www/html/
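
To check that a tree still matches the scheme from steps (1) to (4), for example when new files start returning 403, an audit function like the one below can be used. It is an added example, not part of the original guide; the function name audit_webroot and the finding labels are made up for illustration.

```shell
#!/bin/sh
# audit_webroot DIR OWNER GROUP   (hypothetical helper, added example)
# Prints one "label path" line for every entry under DIR that deviates from
# the ownership/permission scheme of steps (1)-(4).
# Returns 0 if the tree is clean, 1 if there is at least one finding.
# Example call: audit_webroot /var/www/html USER www-data
audit_webroot() {
    root=$1 owner=$2 group=$3

    # tag LABEL: prefix every path read on stdin with LABEL
    tag() { sed "s|^|$1 |"; }

    findings=$(
        # Step 2: everything should belong to the managing user
        find "$root" ! -user "$owner" | tag wrong-owner
        # Step 1: everything should carry the web server's group
        find "$root" ! -group "$group" | tag wrong-group
        # Step 1: the group needs r-x on directories and r on files (else 403)
        find "$root" -type d ! -perm -0050 | tag dir-not-group-rx
        find "$root" -type f ! -perm -0040 | tag file-not-group-r
        # Step 3: directories should be setgid so new entries inherit the group
        find "$root" -type d ! -perm -2000 | tag no-setgid
        # Step 4: no permission bit at all for "other" (symlinks skipped,
        # their own mode bits are not meaningful)
        find "$root" ! -type l \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
            tag other-access
        # Group write is only expected where g+w was granted on purpose
        find "$root" ! -type l -perm -0020 | tag group-writable
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A group-writable line is not necessarily an error: it lists the places where the web server can modify content, which should be only the paths where g+w was applied deliberately.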

When it comes to web servers, attention to security comes first. Obviously, this guide is meant as a starting point. Any tips?


TheJoe

I have kept this blog as a hobby since 2009. I am passionate about graphics, technology and open source software. Among my articles it will be easy to find music and some personal thoughts, but I prefer to keep the main line of the blog on technology. For more information contact me.
