default permissions for /var/www
Solution 1
The permissions on this folder are:
chmod 755 /var/www/
and the files inside the folder are:
chmod 644 /var/www/file
Solution 2
The default permission for /var/www
itself is a pretty standard one: owner root:root
and mod 755
.
As for anything inside /var/www
, that is one of the rare directories where you have the privilege of deciding for yourself what to put in it and what permissions everything in it should have. But what makes the most sense is:
Most files should be writable by whichever user or group is going to be writing to them most. You can set them to be owned by your user account. Or set up a custom group for your developers. Or if the files will be modified rarely and you want good security, you can go with
root:root
and just sudo in on the rare occasions they'll be modified.Most files should not be world-writable. So,
644
for files, and755
for directories is appropriate (or664
and775
if you want to give a group write access).It is not recommended to set any of it to be writable by the web server, ie
www-data
, except for any specific files your web scripts to be able to write to. If so, it's better to set the user or group of those files towww-data
than to make them world-writable. Note that any time thewww-data
user can write to any file within the web root, whether it's by setting the user or group on those files, or making them world-writable, it's a potential security problem. World-writable is just the worse of the two.
Solution 3
Make sure the group is www-data on '/var/www'.
sudo chgrp www-data /var/www
Make it writable
sudo chmod 775 /var/www
set group id for subfolders
sudo chmod g+s /var/www
add your username to the group
sudo useradd -G www-data [USERNAME]
OR
usermod -a -G www-data [USERNAME]
give yourself ownership
sudo chown [USERNAME] /var/www/
Related videos on Youtube
Hossein Hosseinvand
Updated on September 18, 2022Comments
-
Hossein Hosseinvand over 1 year
I was trying to open a file and write to it with PHP at
/var/www
folder but it wasn't working so I didsudo chmod 777 /var/www
now I want to set the permissions for
/var/www
to the default.
what are the default permissions for/var/www
?-
Donato almost 9 yearsI am not a member of serverfault so I could not comment or upvote the answer. But this post really nails it: serverfault.com/questions/357108/…
-
huckbit over 5 yearsTry to check the doc inside the wiki page: File and Directory Ownership and Permissions for Web Content.
-
-
thomasrutter almost 10 yearsThat is not the default permissions for /var/www, and it's a very bad idea security-wise to make the whole web root writable by www-data. Only do this when web scripts need write access to particular files, and even so only do it to those particular files, not to the entire web root. And the OP did not say he needed to do this, anyway, so this should not be a recommendation at all.
-
thomasrutter almost 10 yearsAlso it's a very bad idea to add yourself to the www-data group and treat that group in that manner. Where did you read to do this? It's particularly bad advice, almost maliciously so. Create your own groups when you need to give a group access to something: don't re-use the unprivileged groups that are intended for internal use by daemons.
-
Chris over 9 yearsUpvoted as most conclusive answer here
-
abhishek77in over 9 years@neon_overload what do you recommend
-
kamil over 9 years@Banago personnaly I recommend a +1 :)
-
thomasrutter over 9 years@Banago & aWebDeveloper did you see the answer I wrote to this question? Still have questions?
-
Banago over 9 yearsNow, this is a really good answer. :)
-
Abraham Murciano Benzadon almost 6 yearsto improve the answer, consider adding commands to set the appropriate parmissions
-
Maciek Semik over 5 yearsIs there a recursive function that can change all folders to 755 and files to 644 inside var/www?
-
thomasrutter over 5 yearsYep: stackoverflow.com/questions/18817744/… (the second answer is more elegant than the accepted one IMO)
-
Zanna over 4 yearsDepending on the contents, it may be harmful to use the
-R
flag here. Since the OP did not use the-R
flag, we should not recommend it to correct the wrong permissions they created. The-R
flag is rarely helpful! -
ThunderBird almost 3 yearsThis answer seems opinionated to me...