It is important to provide the right file/folder permissions for Apache to be able to access your website’s files and directories. Otherwise you may see an error message on your website. In this article, we will look at the proper file permissions for Apache file/folders. You can think of them as Apache File Permissions Best Practices.
What File Permissions for Apache File/Folders
root is the default owner of files & folders in /var/www/html folder (which is typically Document Root) for your website. Also the file permissions are 755. It means other users cannot access these files easily.
Here are the steps to set the right file permissions for Apache file/folders. We will set our Linux user ubuntu as the owner of website directory with full read, write & execute permissions. We will also make the web server as the group owner with read and execute permissions. Others will not have any permission to access your entire website directories & files.
1. Set Your User
Let us say your website files & folders are located at /var/www/html. First we will set our user ubuntu to be the owner of these files.
$ sudo chown -R ubuntu /var/www/html/
In the above command, we use -R flag to recursively change the owner of all files & folders in your website’s document root.
Also read : How to Disable TLS 1.0/1.1 in Apache web server
2. Set web server as group owner
By default, Apache and NGINX use www-data as the user for web server. We will make it as group owner of our website’s files & folders.
$ sudo chgrp -R www-data /var/www/html/
Also read : How to Redirect POST request data in Apache
3. Set 750 permission for al file & folders
We will set permission 750 for all files & directories in our website. It means owner can read, write & execute; group owner and read & execute and no permission for others.
$ sudo chmod -R 750 /var/www/html/
Also read : How to Exclude Directory from Auth in Apache
4. Inherit permissions
Next, we need to ensure that if new files & folders are added to your website, they inherit the same group ownership from parent folder. You can do this with the following command where we use s flag for this purpose.
$ sudo chmod g+s /var/www/html/
If you also require your web server to be able to write to files & folders, you can modify the above command as shown below.
$ sudo chmod g+w /var/www/html/
Now all file permissions for directories and files in your Document root will be set appropriately.
Also read : How to Check Concurrent Connections in Apache