This is a repost of an "off-topic" question on stackoverflow.
My scenario is:
I created a user and added that user to sudoers:
visudo
user ALL=(ALL) ALL
Then
sudo adduser user www-data
and
chown www-data:www-data -R /var/www
Did a service restart, then tried:
scp file user@ip:/var/www
Permission denied
The permissions I had applied for folders then files were (not wp-config.php or .htaccess):
drwxr-xr-x
-rw-rw-r--
I tried:
sudo chmod -R g+w /var/www
I was then able to upload files to /var/www, but this set permissions to 775, so I ran:
find /var/www -type d -exec chmod 755 {} \;
Now I can edit files but not write to the folder via SFTP or SSHFS etc.
My question now is:
How do I write to /var/www without compromising security?
Answer
The sudo change affects only commands that you run with the sudo command. Therefore it has no effect in this case.
I would prefer making user the owner of all files in /var/www. Then, you can chmod 777 all the directories and chmod 666 all the files that WP needs write access to. With this, if someone exploits a security issue in WP, he cannot overwrite WP files that easily.
Alternatively you can change the owner to www-data for files / directories WP needs write access to. However, this way user cannot write to those files / directories.
If your server filesystem supports ACLs, you can add an ACL to /var/www which gives write permission for some other user than the owner. This can be achieved with the setfacl command.
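Added example, not part of the original question or answer: a Python sketch of the owner/group/other check that decides whether an account can write, run over a constructed temporary tree with the question's modes (directory 755, file 664). It shows why a group member can edit files but not upload new ones, and it also lists anything writable by every account, which is what modes 777 and 666 produce. The function names and the simulated uid/gid values are assumptions made for the illustration.

```python
import os
import stat
import tempfile

WRITE, WRITE_SEARCH = 0o2, 0o3  # editing a file needs w; creating entries in a dir needs w+x

def allowed(st, uid, gids, need):
    """Exactly one permission class applies: owner, else group, else other.
    uid 0 (root) bypasses this check and is not modelled here."""
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return ((st.st_mode >> shift) & need) == need

def audit(root, uid, gids):
    """Report where the account cannot create or edit, and what anyone can write."""
    report = {"no_create": [], "no_edit": [], "world_writable": []}
    for dirpath, _dirs, files in os.walk(root):
        entries = [(dirpath, "no_create", WRITE_SEARCH)]
        entries += [(os.path.join(dirpath, f), "no_edit", WRITE) for f in sorted(files)]
        for path, key, need in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not used for access decisions
            rel = os.path.relpath(path, root)
            if not allowed(st, uid, gids, need):
                report[key].append(rel)
            if st.st_mode & stat.S_IWOTH:
                report["world_writable"].append(rel)
    return report

def demo():
    """Constructed tree: directory 755 and file 664, as in the question."""
    with tempfile.TemporaryDirectory() as root:
        page = os.path.join(root, "index.php")
        open(page, "w").close()
        os.chmod(page, 0o664)
        # Simulated account: not the owner, but a member of the owning group.
        uid = os.stat(root).st_uid + 1
        gids = {os.stat(root).st_gid, os.stat(page).st_gid}
        reports = []
        for mode in (0o755, 0o775, 0o777):
            os.chmod(root, mode)
            reports.append(audit(root, uid, gids))
        return reports

if __name__ == "__main__":
    for mode, rep in zip(("755", "775", "777"), demo()):
        print(mode, rep)
```
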