48

I was trying to open a file and write to it with PHP in the /var/www folder, but it wasn't working, so I did

sudo chmod 777 /var/www

Now I want to set the permissions for /var/www to the default.
What are the default permissions for /var/www?

Hossein Hosseinvand

5 Answers

66

The default permission for /var/www itself is a pretty standard one: owner root:root and mode 755.

As for anything inside /var/www, that is one of the rare directories where you have the privilege of deciding for yourself what to put in it and what permissions everything in it should have. But what makes the most sense is:

  • Most files should be writable by whichever user or group is going to be writing to them most. You can set them to be owned by your user account. Or set up a custom group for your developers. Or if the files will be modified rarely and you want good security, you can go with root:root and just sudo in on the rare occasions they'll be modified.

  • Most files should not be world-writable. So, 644 for files, and 755 for directories is appropriate (or 664 and 775 if you want to give a group write access).

  • It is not recommended to set any of it to be writable by the web server, i.e. www-data, except for any specific files your web scripts need to be able to write to. If so, it's better to set the user or group of those files to www-data than to make them world-writable. Note that any time the www-data user can write to any file within the web root, whether it's by setting the user or group on those files, or making them world-writable, it's a potential security problem. World-writable is just the worse of the two.

thomasrutter
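The checks from the answer above as a read-only audit script (an added example, not part of the original answer): it lists world-writable entries and entries the web server account can write under a web root. The function names and the constructed sample tree are assumptions for illustration; www-data is the account named in the answer.

```shell
#!/bin/sh
# Added example, not from the answers. www-data as the web server
# account is an assumption (the Debian/Ubuntu default).

# Entries any local user can modify, which is what chmod 777 creates.
# Symlinks are skipped because their own mode bits are not enforced.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Entries the web server account can modify via owner or group bits.
# $2 = user (default www-data), $3 = group (default: same name as user).
webserver_writable() {
    ww_user=${2:-www-data}
    ww_group=${3:-$ww_user}
    find "$1" ! -type l \( \( -user "$ww_user" -perm -0200 \) \
        -o \( -group "$ww_group" -perm -0020 \) \) -print
}

# Succeeds only if the top-level directory itself has mode 755.
root_mode_is_755() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm 0755)" ]
}

# Report all three checks for a web root such as /var/www.
audit_webroot() {
    root_mode_is_755 "$1" || echo "mode-not-755: $1"
    world_writable "$1" | sed 's/^/world-writable: /'
    webserver_writable "$@" | sed 's/^/web-server-writable: /'
}

# Constructed sample tree standing in for /var/www; prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/html" "$t/html/uploads"
    : > "$t/html/index.php"
    : > "$t/html/uploads/cache.dat"
    chmod 755 "$t/html"
    chmod 644 "$t/html/index.php"
    chmod 777 "$t" "$t/html/uploads"    # the mistake from the question
    chmod 666 "$t/html/uploads/cache.dat"
    echo "$t"
}
```

Source the file and run `audit_webroot /var/www`; nothing is modified, so each finding can be reviewed and corrected individually instead of with a recursive chmod.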
38

The permissions on this folder are:

chmod 755 /var/www/

and the files inside the folder are:

chmod 644 /var/www/file
chaos
13

Make sure the group is www-data on '/var/www'.

sudo chgrp www-data /var/www

Make it writable

sudo chmod 775 /var/www

set group id for subfolders

sudo chmod g+s /var/www

add your username to the group

sudo useradd -G www-data [USERNAME]
OR
sudo usermod -a -G www-data [USERNAME]

give yourself ownership

sudo chown [USERNAME] /var/www/
scubbo
kamil
  • 10
    That is not the default permissions for /var/www, and it's a very bad idea security-wise to make the whole web root writable by www-data. Only do this when web scripts need write access to particular files, and even so only do it to those particular files, not to the entire web root. And the OP did not say he needed to do this, anyway, so this should not be a recommendation at all. – thomasrutter Jul 09 '14 at 02:03
  • 3
    Also it's a very bad idea to add yourself to the www-data group and treat that group in that manner. Where did you read to do this? It's particularly bad advice, almost maliciously so. Create your own groups when you need to give a group access to something: don't re-use the unprivileged groups that are intended for internal use by daemons. – thomasrutter Jul 09 '14 at 02:04
  • 1
    @neon_overload what do you recommend – aWebDeveloper Dec 07 '14 at 08:58
  • 1
    Exactly, what would you recommend @neon_overload? – Banago Jan 10 '15 at 15:45
  • 1
    @Banago personally I recommend a +1 :) – kamil Jan 10 '15 at 16:47
  • 1
    @Banago & aWebDeveloper did you see the answer I wrote to this question? Still have questions? – thomasrutter Jan 11 '15 at 00:09
  • @neon_overload, I did and it makes total sense. I was confused by the fact that /var/www was owned by root:root. But now permissions make a lot of sense to me. Thanks. – Banago Jan 11 '15 at 12:37
-1
sudo adduser $USER www-data
sudo chown root:root /var/www


sudo chown -R $USER:www-data /var/www/*
sudo chmod -R 755 /var/www
Zanna
parmod
  • 4
    Depending on the contents, it may be harmful to use the -R flag here. Since the OP did not use the -R flag, we should not recommend it to correct the wrong permissions they created. The -R flag is rarely helpful! – Zanna Nov 14 '19 at 07:08
-1

For what it's worth (I may be wrong; more testing to do), make sure that the files that you are transferring are "owned" by the user that logs in to BOTH machines. So for /var/www/website, the webdir on the source machine is owned by kevin and the user on the dest machine was me too. I will do further testing once I have time. Thanks