Configuring Permissions for FTP and Apache

A better and more secure solution (I get uneasy with the internet having access to an admin's home folder!) is to create a webroot folder in /

Terminal time!

cd /
sudo mkdir /webroot
sudo groupadd webdev
sudo usermod -a -G webdev yourusername 
sudo chown www-data:webdev /webroot/

Now point Apache to your new document root /webroot at the bottom of your Apache config. This can be found here: /etc/apache2/apache2.conf

sudo nano /etc/apache2/apache2.conf

CTRL-O to save, CTRL-X to exit in nano if you are not familiar with it.

Simply replace DocumentRoot /var/www/ with /webroot/

Copy your webfiles now to webroot.

sudo /etc/init.d/apache2 reload

Apache should now have restarted with all the configurations loaded.

This has created a directory in root called webroot, owned by apache2, with the new group webdev as group owner, which your user is now a member of (this does not replace any groups!). This will allow you to edit the files over FTP!

This is a very simple solution for a one-website Apache server. More work is required if you plan on running multiple sites (creating separate folders for them in webroot, for example).

The advantages of this are that if someone does find a vulnerability, they are locked into the webroot folder, and not your home folder! Also, if you ever need to allow more users to modify the site, you can add their user to the webdev group with sudo usermod -a -G webdev theirusername

Hope this helps!

Kind Regards
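
An added example (not part of the original answer): a shell audit that checks a web root against the scheme above, i.e. owner www-data and group webdev, with the group able to write (the 775/664 modes suggested in the comments on this page) and nothing world-writable. The function name audit_webroot and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# audit_webroot DIR [OWNER] [GROUP]
# Prints one "label: path" line per deviation from the scheme on this page
# and returns 1 if any were found, 0 if the tree is clean.
# OWNER and GROUP default to www-data and webdev; numeric IDs also work.
audit_webroot() {
    root=$1
    owner=${2:-www-data}
    group=${3:-webdev}
    findings=$(
        # Ownership drifts when files are uploaded or copied in by another account.
        find "$root" ! -type l ! -user "$owner" -exec echo "wrong-owner:" {} \;
        find "$root" ! -type l ! -group "$group" -exec echo "wrong-group:" {} \;
        # Anything writable by "other" lets every local account alter site content.
        find "$root" ! -type l -perm -0002 -exec echo "world-writable:" {} \;
        # webdev members need rwx on directories and rw on files (775 / 664).
        find "$root" -type d ! -perm -0770 -exec echo "group-cannot-write:" {} \;
        find "$root" -type f ! -perm -0660 -exec echo "group-cannot-write:" {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run against the real tree when invoked with a path, e.g.: sh audit.sh /webroot
if [ -n "${1:-}" ]; then
    audit_webroot "$@"
fi
```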

Author by

Nadeem Akram

Updated on September 18, 2022

Comments

  • Nadeem Akram
    Nadeem Akram over 1 year

    I have a web server (Apache2) that I access with FileZilla.

    On my web server I have a dir /home/admin/www that I bound to /var/www. So I can access it with FTP. This works perfectly!

    But every time I restart my web server I have to do the bind again and again. Can't I tell my web server that those maps need to be bound always? Also, I need to reset all my permissions every time again. What am I doing wrong?

  • Laice
    Laice over 12 years
    Not a problem :) Do you mind if I rename the title to better reflect the answer I have given?
  • Nadeem Akram
    Nadeem Akram over 12 years
    certainly not :-)
  • Benaiah
    Benaiah about 11 years
    For some reason I was getting "no such user webdev" when I used your command >sudo groupadd webdev. I tried this and it seemed to work. Well, it added the user in the /etc/group file anyway: sudo usermod -a wwwlogin -G webdev
  • Laice
    Laice over 10 years
    This was my fault: in my answer I inadvertently switched round the user and group. This was corrected by Damon. Lesson learned!
  • Eduardo B.
    Eduardo B. over 10 years
    @Damon, I think you need to set appropriate permissions such that the owner (www-data) and group (webdev) have the same permissions. For a directory it should be 775 (instead of the default 755), and for files 664 (instead of 644).
  • Damon
    Damon over 10 years
    @EduardoB. I only made a minor edit; Laice had accidentally flipped the user and group when posting the answer on the usermod command, so I corrected that. Other than that, I followed this answer/recipe and it worked well for me.
  • www139
    www139 almost 8 years
    In apache2 in the LAMP package for Ubuntu, the file that contains the document root is located in /etc/apache2/sites-available/000-default.conf