To set up permissions on /var/www where your files are served from by default:
sudo addgroup webmasters
sudo adduser $USER webmasters
sudo chown -R root:webmasters /var/www
sudo find /var/www -type f -exec chmod 664 {} \;
sudo find /var/www -type d -exec chmod 775 {} \;
sudo find /var/www -type d -exec chmod g+s {} \;
sudo chown -R www-data:webmasters application/cache/ [etc...]
Now log out and log in again to make the changes take hold.
The previous set of commands does the following:
- Create a new group called webmasters; all users who need write access to the app files will be added to this group.
- adds the current user ($USER) to the webmasters group.
- changes the owner of /var/www to root and the group to webmasters group.
- adds 644 permissions (-rw-rw-r--) to all files in /var/www.
- adds 775 permissions (drwxrwxr-x) to all directories in /var/www.
- sets the SGID bit on /var/www and all directories therein; this final point bears some explaining. Note also that you can also put a 2 at the front of your chmod octal (e.g. 2644) to do the same thing. sets the owner to www-data (Apache's user) and group of the supplied directory to webmaster. This ensures the directory is writable by Apache and anyone in the webmasters group. Do the same for all other directories that need to be writable.
For any projects with lots of directories and/or files, I highly recommend running the
findcommands in batch mode. This saves a lot of time since thechmodcommand will be called with as many path arguments per call as possible, rather than running thechmodcommand individually for every path found.To use batch mode you just need to replace
\;with\+at the each of thefindcommands.sudo find /var/www -type f -exec chmod 664 {} \+ sudo find /var/www -type d -exec chmod 775 {} \+ sudo find /var/www -type d -exec chmod g+s {} \+