Hi folks,

Perhaps some of you more experienced linoders can comment on what the technically cleanest way to apply permissions on apache's public_html folder is. I have an apache user and my own user for ftp/ssh access that works with files in public_html.

From my limited view, I see 2 (probably not-so-good) ways:

1) create a group called 'www', add 'apache' and 'myuser' to the group and "chown -R apache:www public_html/" I guess this needs 664 permissions on files and 2775 on directories.

2) change config so apache service runs with 'myuser' instead and "chown -R myuser:myuser public_html/" with 644 permissions on files and (2?)775 on directories.


I'm on CentOs 6.4. running wordpress (and others). Suggestions greatly appreciated.

Cheers and thanks!



edit: version number typo.

What I do is own all of the files with my personal account and give the apache group read permissions for all files and rx for directories. Other gets none. Any directories where you need to upload files (such as a webmail app, for attachments) will need to be writable by apache, also.

WordPress automatic updates doesn't like this, though. Even if you give the apache group write permissions it won't run. I have a script to change the owner to apache prior to an upgrade and I revert everything back after.

The benefits of this is that I can manage my web sites with an unprivileged account.