On a dedicated server hosting one website, running Linux with no control panel, I'm trying to grant permission for multiple users to edit the public HTML folder (/var/www/html/).
I want to make sure I do this the best way, I imagine if I set the permissions loosely via CHMOD, it will allow anyone who can reach the folder via FTP to change it. Is the solution to set up a wheel group, add the intended users to the wheel group, and then set the permissions to the wheel group?
Right now, only one user can edit the public HTML.
Best Answer
Your solution is pretty close to what I'd recommend, but why do you specifically reference the
wheelgroup? On many distributions the groupwheelhas full access to thesudocommand granting then full root access to the system.Let's assume you make a new group called
webadmins:Then you want to set the proper permissions to allow your
webadminsto make changes:The -R will set the permissions on all existing files. One issue that's common is if
joecreates a file in /var/www/html it will, by default, be owned byjoeand grouped tojoe's default group. We can remedy this by setting the SETGID bit on the parent directory so new files will be grouped towebadminsby default:One last issue is that your webserver will need to access these files as well. I, personally, don't like to leave global read access on /var/www/html because of the likelihood that someone will drop a .php script in there, so I set the directory to 770:
And then I add the apache user (
www-dataon RedHat systems, typically) to thewebadminsgroup:Hope that helps!