default permissions for /var/www

The default permission for /var/www itself is a pretty standard one: owner root:root and mod 755.

As for anything inside /var/www, that is one of the rare directories where you have the privilege of deciding for yourself what to put in it and what permissions everything in it should have. But what makes the most sense is:

  • Most files should be writable by whichever user or group is going to be writing to them most. You can set them to be owned by your user account. Or set up a custom group for your developers. Or if the files will be modified rarely and you want good security, you can go with root:root and just sudo in on the rare occasions they'll be modified.

  • Most files should not be world-writable. So, 644 for files, and 755 for directories is appropriate (or 664 and 775 if you want to give a group write access).

  • It is not recommended to set any of it to be writable by the web server, ie www-data, except for any specific files your web scripts to be able to write to. If so, it's better to set the user or group of those files to www-data than to make them world-writable. Note that any time the www-data user can write to any file within the web root, whether it's by setting the user or group on those files, or making them world-writable, it's a potential security problem. World-writable is just the worse of the two.


The permissions on this folder are:

chmod 755 /var/www/

and the files inside the folder are:

chmod 644 /var/www/file

Make sure the group is www-data on '/var/www'.

sudo chgrp www-data /var/www

Make it writable

sudo chmod 775 /var/www

set group id for subfolders

sudo chmod g+s /var/www

add your username to the group

sudo useradd -G www-data [USERNAME]
OR
usermod -a -G www-data [USERNAME]

give yourself ownership

sudo chown [USERNAME] /var/www/