Correct/secure way to be able to access var/www/html as non-root sudo user?

Hi guys,

New to vultr and VPS/self hosting in general, always ran with shared hosting so I'm still learning.

I've so far done the following on my Ubuntu 16.04 server

- Created a new user 'simon' for myself and given it sudo privleges.
- Set up SSH private/public key for that user and connected via Putty as I'm on Windows.
- Installed LAMP stack and phpadmin.

Now I'm at the point where I want to upload my website files and such, which I know need to go in var/www/html, or a subdirectory of it. But the new 'simon' user does not have write access to that folder. In googling this issue I've found a lot of confusing and conflicting information and I don't know which to follow.

What is the most secure and safe way to allow the non-root users like this to upload and access the /var/www/html folder?

Also when I do have access to it, what is the correct way to 'point' to it in any program? I figured it would be ~/var/www/html but because I'm logged in as simon, that instead is /home/simon/var/www/html, not what I want.

Thanks in advance.

Comments

  • If it's just going to be use, simply make yourself the owner of /var/www/html :smile:

    chown simon /var/www/html

    I assume the read permissions are already ok, because you imply that the "www" user can already read the files put there by "root"

    "~" means users home directory - without a user present it point to the current users directory, as you noticed.

    So the rest of the path is considered a subdirectory off your user home - again, as you noticed:

    e.g. ~/var ... --> /home/simon/var/ ...

    ~simon/var... --> /home/simon/var/...

    ~fred/var --> /home/fred/var/... (assuming fred exists, and has a home directory of /home/fred)

    To achieve what you want, simply get rid of "~" , i.e. use /var/www....

  • hi there,

    chown user /var/www/tml does not work with nginx

    we need to chown www data otherwise we do not see the website.

    any different solution?

  • If you change the owner to someone else without allowing "nginx" access, that will happen. Presumably, your files are not set to "other (i.e. everyone) readable.

    The best way would be to set the owner of the files/directories to the user, and the group of the files to the nginx group, whatever that is on your system.

    Then make sure files are -rw-r----- (mode 640) and directories are drwx-r-x-- (mode 750)

    That way, the user nginx runs under will only be able to read the files, and not alter them.

Sign In or Register to comment.