A problem I have when setting up a website on a new server (or a new site on an existing server) is sorting out permissions for the Apache user (www-data) and an FTP user. I can never quite remember how to set things up so that I am not continually needing to log into a console to adjust permissions so I can FTP some files to the server. This post is the definitive reminder to myself showing how it should be done. This example applies to Ubuntu but I guess it is equally applicable to other flavours of Linux.
Add the FTP User to the www-data Group
First thing we want to do is add the FTP user (you have created an FTP user haven’t you?) to the www-data usergroup. www-data is the user/group used by Apache.
sudo adduser ftp-username www-data
Change Ownership of Files
The next step is to set the www-data group as the owner of all files and directories in the HTML source directory.
sudo chown -R www-data:www-data /var/www
Grant Group Permissions
Now we want to add write permission for the www-data group for all the files and directories in the HTML source directory.
sudo chmod -R g+w /var/www
Add umask for New Files
The final step is to make a change to an Apache configuration file so that the umask for new files created by Apache is such that the www-data group has write permissions on them. Open /etc/apache2/envvars in your text editor of choice and add this to the bottom of the file:
The three octal digits for umask are for the Owner/Group/Others. The 0 leaves permissions unmasked (ie left at read/write/execute) and 7 gives no permissions at all. This would be equivalent to chmod 770. There’s a useful chart here showing the relationship between the binary rwx permissions and the octal numbers used by chmod and umask.
Credit for this must go to the top voted answer to this question on askubuntu.com.