Ubuntu: Configuring Permissions for FTP and Apache



Question:

I have a web server (Apache2) that i access with FileZilla.

On my web server i have a dir /home/admin/www that i binded to /var/www. So i can access it with FTP. This works perfect!

But everytime i restart my web server i have to do the bind again and again. Can't i say to my webserver that those maps need to be binded for always? Also i need to reset all my permissions everytime again, what am i doing wrong?


Solution:1

A better and more secure solution (i get uneasy with the internet having access to an admins home folder!) is to create a webroot folder in /

Terminal time!

cd /  sudo mkdir /webroot  sudo groupadd webdev  sudo usermod -a -G webdev yourusername   sudo chown www-data:webdev /webroot/  

Now point apache to your new document root /webroot at the bottom of your apache config. This can be found here: /etc/apache2/apache2.conf

sudo nano /etc/apache2/apache2.conf  

CTRL-O to save, CTRL-X to exit in nano if you are not familiar with it.

Simply replace DocumentRoot /var/www/ with /webroot/

Copy your webfiles now to webroot.

sudo /etc/init.d/apache2 reload  

Apache should now have restarted with all the configurations loaded.

This has created a directory in root called webroot, owned by apache2, and group owner is the new group webdev, which your user is now appended to member of (this does not replace any groups!). This will allow you to edit the files in the FTP!

This is a very simple solution for a one-website apache server. More work is required if you plan on running multiple sites (creating separate folders for them in webroot for example)

The advantages of this are that if someone does find a vulnerability, they are locked into the webroot folder, and not your home folder! Also if you ever needed to allow any more users to modify the site, you can add their user to the webdev group with sudo usermod -a -G theirusername webdev

Hope this helps!

Kind Regards


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »