Sorry for the basic question - I'm a .NET developer and don't have much experience with LAMP setups.
I have a PHP site that will allow uploads to a specific folder. I have been told that this folder needs to be owned by the webserver user for the upload process to work, so I created the folder and then set permissions as such:
chown apache:apache -R uploads/ chmod 755 -R uploads/
The only problem now is that the FTP user can not modify the uploaded files at all.
Is there a permission setting that will allow me to still upload files and then modify them later as a user other than the webserver user?
This question is tagged with
~ Asked on 2008-08-14 13:22:25
You can create a new group with both the apache user and FTP user as members and then make the permission on the upload folder 775. This should give both the apache and FTP users the ability to write to the files in the folder but keep everyone else from modifying them.
~ Answered on 2008-08-14 13:32:55
I would go with Ryan's answer if you really want to do this.
In general on a *nix environment, you always want to err on giving away as little permissions as possible.
9 times out of 10, 755 is the ideal permission for this - as the only user with the ability to modify the files will be the webserver. Change this to 775 with your ftp user in a group if you REALLY need to change this.
Since you're new to php by your own admission, here's a helpful link for improving the security of your upload service:
~ Answered on 2008-08-14 13:45:04
I would support the idea of creating a ftp group that will have the rights to upload. However, i don't think it is necessary to give 775 permission. 7 stands for read, write, execute. Normally you want to allow certain groups to read and write, but depending on the case, execute may not be necessary.
~ Answered on 2016-02-12 15:17:52
I will add that if you are using SELinux that you need to make sure the type context is tmp_t You can accomplish this by using the chcon utility
chcon -t tmp_t uploads
~ Answered on 2008-08-14 13:43:36
What is important is that the
apache user and group should have minimum
read access and in some cases
execute access. For the rest you can give
This is the most safe setting.
~ Answered on 2012-02-27 06:11:53
Based on the answer from
@Ryan Ahearn, following is what I did on
Ubuntu 16.04 to create a user
front that only has permission for nginx's web dir
* pre-steps: * basic prepare of server, * create user 'dev' which will be the owner of "/var/www/html", * * install nginx, * * * create user 'front' sudo useradd -d /home/front -s /bin/bash front sudo passwd front # create home folder, if not exists yet, sudo mkdir /home/front # set owner of new home folder, sudo chown -R front:front /home/front # switch to user, su - front # copy .bashrc, if not exists yet, cp /etc/skel/.bashrc ~front/ cp /etc/skel/.profile ~front/ # enable color, vi ~front/.bashrc # uncomment the line start with "force_color_prompt", # exit user exit * * add to group 'dev', sudo usermod -a -G dev front * change owner of web dir, sudo chown -R dev:dev /var/www * change permission of web dir, chmod 775 $(find /var/www/html -type d) chmod 664 $(find /var/www/html -type f) * * re-login as 'front' to make group take effect, * * test * * ok *
~ Answered on 2017-06-07 03:26:42
chgrp your website folder. Try
myusername# chown -R myusername:_www uploads
~ Answered on 2014-07-11 02:51:20