So with the apache virtual hosts, all the files would belong to Apache. so
any files you want to allow PHP to modify you would need to make sure that
www-data has the ability to modify the files. Also, make sure they don't
have any root ownership.
my preferred configuration is to make anything run by my web server is
owned by the web server, and then any files that are deemed "dangerous" are
read-only until I need them to change.
On Fri, Apr 26, 2019 at 6:27 PM <
techlists@phpcoderusa.com> wrote:
> Hi,
>
> I am running Ubuntu 16.04 on a test server. I'd like to understand
> ownership for virtual hosts. I assume www-data:www-data so the files can
> be edited by PHP such as WordPress being able to upload or upgrade themes
> and plugins. Is this correct?
>
> I would also like to do some remote editing using SFTP. Some say to add a
> password and shell to www-data so the editor can connect as www-data. This
> seems like a security issue.
>
> The other solution i;m seeing is to make the owner:group $USER:$USER -
> which makes the files owned by the SFTP user which seems not secure and I'm
> figuring WordPress will not be able to edit it's own files.
>
> What is the appropriate way?
>
> Thanks in advance.
>
> Keith
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.
Stephen
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)