www-data related: What's the difference between these usages of CHOWN?

Question

My user name is jknoppf. I use Apache and want to give myself full access to /var/www/html and start with

$ sudo adduser jknoppf www-data

Then I have

$ sudo chown -R www-data:www-data /var/www/html

It works!

But on some forums I have also read about

$ sudo chown -R jknoppf:www-data /var/www/html

And it also works! What is the difference between these two variants of using chown?

You should also check out these two questions: How to avoid using sudo when working in /var/www? and Whats the simplest way to edit and add files to “/var/www”? — Dan, Aug 29 '17 at 09:14

score 5 · Accepted Answer · answered Aug 27 '17 at 03:22

sudo adduser jknoppf www-data and sudo chown -R www-data:www-data /var/www/html:

The first one will add the user jknoppf into the group www-data, and the second one will change the owner of all the directories and files, including /var/www/html, into the user www-data, and also change the group owner into the group www-data. Since the permission for /var/www/html is by default 775, and the user jknoppf is in the group www-data, this user can have full access to all the contents inside.

sudo chown -R jknoppf:www-data /var/www/html:

This command change the owner of all the directories and files, including /var/www/html, into the user jknoppf, and also change the group owner into the group www-data. Since the permission for /var/www/html is by default 775, and the user jknoppf is the owner of the directory, this user can have full access to all the contents inside.

Remarks: the permission 775 means:

First 7: the owner of the file have full access to files, i.e. read 4 + write 2 + execute 1.

Second 7: all users in the group, which the group is owner, have full access to files, i.e. read 4 + write 2 + execute 1.

Third 5: all other people that are neither the owner nor the members of the group only have access to read 4 + execute 1.

Yes. It doesn't matter at all which version you use, it just changes whether you have access to the files. — Cynplytholowazy, Aug 27 '17 at 03:28

Ravexina · Answer 2 · 2017-08-27T03:40:15.883

It's all about what you are trying to achieve.

If you are one person who wants to work with the files within /var/www/html then you can go with the second statement. It makes your user the owner of the /var/www/html then you can save, edit, ... files within that directory, at the same time www-data is going to be the group of the directory so your web server is able to work with the files too.

If there are many people on your PC working on different projects, then you can go with the first statement, which allows all the members of www-data to work with files within the /var/www/html.

The first one is a better choice, however if different people are working on different projects on your system, what I suggest is to having different group as the project group and www-data as project owner.

Here an example, I have 3 user, bob, john and pyter.

bob and john are working on a project named "foo".
bob an pyter are working on a project namd "bar".

What suggest is:

sudo mkdir /var/www/html/foo
sudo mkdir /var/www/html/bar

sudo addgroup foo
sudo addgroup bar

sudo gpasswd -a bob foo
sudo gpasswd -a john foo

sudo gpasswd -a bob bar
sudo gpasswd -a pyter bar

chown foo:www-data /var/www/html/foo
chown bar:www-data /var/www/html/bar

Also I strongly recommend you to read:

What permissions should my website files/folders have on a Linux webserver?

www-data related: What's the difference between these usages of CHOWN?

2 Answers2