Reputation: 934
Force owner of all files in the folder "/var/www" are user www-data
I have a dedicated server, installed with Debian, Apache and PHP installed using "sudo apt-get install php5 php5-curl" command.
You can force all created files in folder and sub-directories are always user www-data?
If I log into sftp and I send it to a file on FTP, it is always as root, because I'm logged in as root, it is also possible to change, for example, I want to send the file to the server logged in as root but it is his owner www-data?
Upvotes: 0
Views: 1299
Answers (1)
Reputation: 157927
Having all files under www-data being owned by the web server - assuming write permissions by default - is dangerous, as a bug in a script or the web server itself could lead to source code injection.
The files under /var/www shouldn't be owned by the web server unless a certain web application really needs write access to a folder.
Even then and especially in a shared hosting environment there are better solutions than making the web server owner of such directories because this would allow every other PHP script - started by the web server - to write into that directory.
Upvotes: 1
Related Questions
- Apache & SFTP permissions on AWS EC2 Linux hosting
- Permissions of uploaded files in /var/www
- How to set permissions on Ubuntu server to allow Apache user and second user to write to web directory?
- PHP - mkdir default user is www-data, how to change?
- Apache file ownership / group
- changing file permission ownership
- Linux set permissions to folder (ftp and Apache2)
- How to set permissions in Linux /var/www to allow automatic overwrite from PHP-Apache
- CHMOD a linux directory using PHP on an apache server
- Allowing PHP to change file and directory ownership and permission