Help with permissions for systemd init script guide (/var/www)

After following the systemd init script guide over at https://github.com/mholt/caddy/tree/master/dist/init/linux-systemd I realized that I don’t have access to the www directory nor files inside the directory. The only way I can think of would be to sudo passwd www-data and set a password on it so I can sftp into it or run commands through the command line using www-data as the user. However, I think that’s bad practice, isn’t it?

What would be the right way to go about this? Create a directory in my user’s home directory and symlink it to /var/www? Looking forward to suggestions.


Hi Adriano,

You’re correct, in general logins should only be available for user accounts, not service accounts, so giving www-data a password wouldn’t be an ideal solution.

Looks like following that guide sets the permissions on the /var/www directory as read-only for everyone (including www-data). Under this permission scheme, you’d need to copy in files with sudo and then correct ownership/permissions (sudo chown -R www-data:www-data /var/www, and sudo chmod -R 555 /var/www). I think it’s safe to say that this was done so that there’s no chance of any rogue services being able to write files to the public HTML directory (unless they had root access, in which case permissions are an afterthought).

For more convenient access you’ll need a different permission scheme. You might consider taking ownership of the files yourself and leaving them in the www-data group (sudo chown -R <YOURUSER>:www-data /var/www) and then make them owner-writable, group-readable (sudo chmod -R 755 /var/www). I would generally do this for a development environment where I would frequently be making small changes and then checking the results.

Don’t forget to double check that only the correct services and users have write access to the files, especially if you have a scripting engine (e.g. PHP) running.

My solution was something similar to your suggestion. I created a new group called servermaster and added both my user and the www-data user to this new group. I then gave ownership of all files in /var/www to this new group. Then lastly I set group read+write permissions on /var/www. Everything works perfectly 🙂
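The scheme from the last post as a script, added here as an example rather than code from the thread: it adds the setgid bit so files created later inherit the shared group, and the ownership/world-writable check the earlier reply asks for. The www-data account, the servermaster group and /var/www come from the thread; the function names and the root-owned-files choice are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes a Debian-style www-data
# account and the "servermaster" group from the last post; override via env.
set -u

WEBROOT="${WEBROOT:-/var/www}"
SHARED_GROUP="${SHARED_GROUP:-servermaster}"
DEPLOY_USER="${DEPLOY_USER:-$(id -un)}"

# One-time setup, run as root. Files stay root-owned, the shared group gets
# read+write, and the setgid bit on directories makes new files inherit the
# group so later uploads do not need a second chown.
setup_webroot() {
    getent group "$SHARED_GROUP" >/dev/null || groupadd "$SHARED_GROUP"
    usermod -a -G "$SHARED_GROUP" "$DEPLOY_USER"
    usermod -a -G "$SHARED_GROUP" www-data   # omit if the server only needs to read
    chown -R root:"$SHARED_GROUP" "$WEBROOT"
    find "$WEBROOT" -type d -exec chmod 2775 {} +   # rwxrwsr-x
    find "$WEBROOT" -type f -exec chmod 0664 {} +   # rw-rw-r--, no execute bit
}

# The double check from the reply: report anything under $1 that is
# world-writable or whose group is not $2. Returns 0 when clean, 1 otherwise.
audit_webroot() {
    dir="$1"; group="$2"
    findings=$(find "$dir" \( -perm -o+w -o ! -group "$group" \) -print)
    if [ -n "$findings" ]; then
        printf 'permission problems under %s:\n%s\n' "$dir" "$findings" >&2
        return 1
    fi
    return 0
}

# Usage (as root): setup_webroot && audit_webroot "$WEBROOT" "$SHARED_GROUP"
```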
