First, useradd creates a new user. As you (iain) already exist, you want to call usermod instead. So that would be:
sudo usermod -aG www-data iain
addgroup www-data
(note the -a on Debian-based servers (Ubuntu included) that will add you to that group, and keep your membership to other groups. Forget it and you will belong to the www-data group only - could be a bad experience if one of them was wheel. On SUSE-type servers the option is -A instead of -aG so read man usermod carefully to get it right.)
Second, you don't want apache to have full rw access to /var/www: this is potentially a major security breach. As a general rule, allow only what you need, and nothing more (principle of least privilege). In this case, you need apache (www-data) and you (www-data group) to write (and read) in /var/www/example.com/public_html, so
sudo chown -R www-data:www-data /var/www/example.com/public_html
sudo chmod -R 770 /var/www/example.com/public_html
Edit: to answer your original question, yes, any member of www-data can now read and execute /var/www (because the last bit of your permissions is 5 = read + exec). But because you haven't used the -R switch, that applies only to /var/www, and not to the files and sub-directories it contains. Now, whether they can write is another matter, and depends on the group of /var/www, which you haven't set. I guess it is typically root:root, so no, they (probably) can't write.
Edit on 2014-06-22: added a note that -aG option is valid on Debian-based servers. It apparently varies with the distribution, so read man carefully before executing.
What I've done is to chroot my users to their home directories and then used mount --bind to create a link to it in their home directories.
I then used setfacl to make sure www-data maintains write permissions on new files in the directory. This effect will recurse into /var/www, which is what you want to do.
By setting g+s on the directory, all new files and directories created within it will inherit the group ownership from its parent.
useradd someuser
mkdir -p /home/someuser/www
mount --bind /var/www /home/someuser/www
chmod g+s /home/someuser/www
chown -R someuser:www-data /home/someuser/www
setfacl -d -m g::rwx /home/someuser/www
That should do the trick.
Make your mounts persistent
Obviously you want your mounts to still be there when you reboot the server. It's as simple as adding the mounts to your /etc/fstab. Not all providers let you touch this file, but most do.
Just add lines like this:
/var/www /home/someuser/www none bind 0 0
You might want to reboot to make sure it works.
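An added example, not part of either answer above: a shell function that audits a web root against the layout the first two answers describe (no access for "other", one shared group, setgid on every directory). The function name audit_webroot, its finding labels and the default group argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the answers): audit a web root against the
# least-privilege layout described above.
# Usage: audit_webroot DIR [GROUP]
# Returns 0 = clean, 1 = findings printed, 2 = audit could not complete.
audit_webroot() {
    root=$1
    group=${2:-www-data}        # assumption: the group used in the answers
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Each find lists the paths that violate one rule. Symlinks are skipped
    # because their own mode bits are always rwxrwxrwx and carry no meaning.
    other=$(find "$root" ! -type l \
        \( -perm -001 -o -perm -002 -o -perm -004 \) -print) || return 2
    wrong=$(find "$root" ! -type l ! -group "$group" -print) || return 2
    nosgid=$(find "$root" -type d ! -perm -2000 -print) || return 2

    rc=0
    report() {  # report LABEL PATHS: prefix each path with its finding label
        [ -n "$2" ] || return 0
        printf '%s\n' "$2" | sed "s|^|$1 |"
        rc=1
    }
    report OTHER-ACCESS "$other"   # any r/w/x bit for "other" breaks 770
    report WRONG-GROUP "$wrong"    # group is not the shared web group
    report NO-SETGID "$nosgid"     # new files here will not inherit the group
    return "$rc"
}
```

A return value of 2 (unknown group name, unreadable subdirectory) means the audit is incomplete and should not be read as a clean result.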
Best Answer
That is a protected folder. You need to be root in order to modify this directory.
You can also make gab the owner of this directory by doing
sudo will execute the chown -R gab /var/www command as root (administrator) and prompt you for your password used when setting up the system (most likely the same password as gab).
Once you do this, you can also do
to give write permissions.
The 755 means that the user will have full access, group will have read and execute access and others will have read and execute access.