Hi,

I am running Ubuntu 16.04 on a test server.  I'd like to understand ownership for virtual hosts.  I assume www-data:www-data so the files can be edited by PHP such as WordPress being able to upload or upgrade themes and plugins.  Is this correct?

I would also like to do some remote editing using SFTP.  Some say to add a password and shell to www-data so the editor can connect as www-data.  This seems like a security issue.

The other solution i;m seeing is to make the owner:group $USER:$USER - which makes the files owned by the SFTP user which seems not secure and I'm figuring WordPress will not be able to edit it's own files.

What is the appropriate way?

Thanks in advance.

Keith