On a dedicated server hosting one website, running Linux with no control panel, I'm trying to grant permission for multiple users to edit the public HTML folder (/var/www/html/).
I want to make sure I do this the best way, I imagine if I set the permissions loosely via CHMOD, it will allow anyone who can reach the folder via FTP to change it. Is the solution to set up a wheel group, add the intended users to the wheel group, and then set the permissions to the wheel group?
Right now, only one user can edit the public HTML.
Best Answer
Your solution is pretty close to what I'd recommend, but why do you specifically reference the
wheel
group? On many distributions the groupwheel
has full access to thesudo
command granting then full root access to the system.Let's assume you make a new group called
webadmins
:Then you want to set the proper permissions to allow your
webadmins
to make changes:The -R will set the permissions on all existing files. One issue that's common is if
joe
creates a file in /var/www/html it will, by default, be owned byjoe
and grouped tojoe
's default group. We can remedy this by setting the SETGID bit on the parent directory so new files will be grouped towebadmins
by default:One last issue is that your webserver will need to access these files as well. I, personally, don't like to leave global read access on /var/www/html because of the likelihood that someone will drop a .php script in there, so I set the directory to 770:
And then I add the apache user (
www-data
on RedHat systems, typically) to thewebadmins
group:Hope that helps!