write permission for www-data

António P. P. Almeida appa at perusio.net
Wed Jul 27 14:12:15 UTC 2011

On 27 Jul 2011 14h50 WEST, nginx-forum at nginx.us wrote:

> Thanks folks. Let me conclude that it is better to keep the owner of
> my folders to be "root". Then give permission to www-data (nginx
> user) for every writable folder like upload and images? right?

Yes. Normally a simple 775 is enough with:

chown -R sites-user.www-data /path/to/writabledirs

find /path/to/writabledirs -type d -exec chmod 775 {} \;

> My main question is about the folder ownership; which is better?
> root or www-data?  Because when I normally create folder by SSH or
> SSH tunnel to server, I am there as root and create folder with root
> ownership.

Unless you have some sort of esoteric requirements you should,
*never*, ever, run a web site under the root user. Create a new user
and move all sites to a sites dir like this.

adduser sites-user

mkdir /home/sites-user/sites

ln -s /home/sites-user/sites /var/www/sites

Now move all site related files and dirs to /home/sites-user/sites.


--- appa

More information about the nginx mailing list