
Zakk

Ubuntu Server + Nginx, directory owner and privileges

Hi all, I've just installed my local live Ubuntu server with all the needed software (OpenSSH, PHP7, MySQL, etc.) and with my actual config I can run the application that I'm developing fine, but I'd like to know the correct owner and user of the directory structure.

I have 2 accounts:

the first: administrator (with sudo privileges) for system updates, etc.

the second: wwwuser (no sudo privileges) for updating the project via SSH

wwwuser is in the group www-data (same group used by nginx and php-fpm)

I have chosen /var/www as base root for my

Now I have set /var/www as drwxr-xr-x wwwuser www-data

and added the r attribute to group at the storage and bootstrap/cache directories.

Is this correct and secure, or are there better solutions? Thanks for your answer.

fideloper

Hi Zakk!

That's an OK strategy. Here's one annoying thing with that:

One issue with that approach is that new files created in code (cache, logs, etc.) won't be created as group-writable. This means that user wwwuser, while part of group www-data, won't necessarily be able to edit those files.

One way around that is to use ACLs instead of just regular Linux permissions, as these let you set defaults for new files/directories.

Optionally

I'm assuming you created user wwwuser as someone you can log in with, perhaps to deploy? If that's a system user who cannot log in, I'd just keep using www-data as the user for application files. However, assuming you want to keep using wwwuser to log in with:

Consider adjusting php-fpm (and perhaps Nginx) to run as user wwwuser and group www-data. That way PHP will run as user/group wwwuser:www-data and you don't have to worry about group permissions and whether new files default to letting you write (g+r permissions).

This is how Forge sets itself up so file write-permissions don't become problematic.

Assuming wwwuser is a user to log in as
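
An added example, not part of either post: a small audit that reproduces the problem the reply describes (files written by the PHP process that the shared group cannot edit) and also flags world-writable entries. The tree is constructed in a temp directory, and the function names `audit` and `demo` and the umask values are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a Laravel-style tree for the permission problem in the reply.
# All paths are constructed in a temp directory; audit/demo are illustrative names.

# Print entries the group cannot write (where the app must write) and
# entries anyone can write (broader than this setup needs).
audit() {  # $1 = project root
  find "$1/storage" "$1/bootstrap/cache" ! -type l ! -perm -020 | sed 's/^/no-group-write /'
  find "$1" ! -type l -perm -002 | sed 's/^/world-writable /'
}

demo() (
  umask 022
  root=$(mktemp -d) && cd "$root" || exit 1
  mkdir -p storage/logs bootstrap/cache
  chmod -R g+w storage bootstrap                      # dirs are group-writable
  # File written by the PHP process under umask 022 (assumed value): mode 0644,
  # so a wwwuser who only shares the group cannot edit it.
  ( umask 022; echo x > storage/logs/laravel.log )
  # Same write under umask 002: mode 0664, group can edit.
  ( umask 002; echo x > bootstrap/cache/config.php )
  # Constructed over-permissive file to show the second check.
  echo x > storage/logs/debug.log; chmod 666 storage/logs/debug.log
  audit .
  cd / && rm -rf "$root"
)

# The ACL approach from the reply, for a real tree (assumes the acl package
# and a filesystem mounted with ACL support):
#   setfacl -R  -m g:www-data:rwX storage bootstrap/cache   # existing entries
#   setfacl -dR -m g:www-data:rwX storage bootstrap/cache   # default for new ones

demo
```

With a default ACL in place on the directory, the creating process's umask no longer decides the group bits of new files, which is why the first finding stops recurring.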
