default permissions for /var/www
The default permission for /var/www
itself is a pretty standard one: owner root:root
and mod 755
.
As for anything inside /var/www
, that is one of the rare directories where you have the privilege of deciding for yourself what to put in it and what permissions everything in it should have. But what makes the most sense is:
Most files should be writable by whichever user or group is going to be writing to them most. You can set them to be owned by your user account. Or set up a custom group for your developers. Or if the files will be modified rarely and you want good security, you can go with
root:root
and just sudo in on the rare occasions they'll be modified.Most files should not be world-writable. So,
644
for files, and755
for directories is appropriate (or664
and775
if you want to give a group write access).It is not recommended to set any of it to be writable by the web server, ie
www-data
, except for any specific files your web scripts to be able to write to. If so, it's better to set the user or group of those files towww-data
than to make them world-writable. Note that any time thewww-data
user can write to any file within the web root, whether it's by setting the user or group on those files, or making them world-writable, it's a potential security problem. World-writable is just the worse of the two.
The permissions on this folder are:
chmod 755 /var/www/
and the files inside the folder are:
chmod 644 /var/www/file
Make sure the group is www-data on '/var/www'.
sudo chgrp www-data /var/www
Make it writable
sudo chmod 775 /var/www
set group id for subfolders
sudo chmod g+s /var/www
add your username to the group
sudo useradd -G www-data [USERNAME]
OR
usermod -a -G www-data [USERNAME]
give yourself ownership
sudo chown [USERNAME] /var/www/