@jlavelle-uk
Created November 19, 2018 06:15
Configuring Apache 2 File permissions and Ownerships

LAMP Stack

LAMP Stack is shorthand for Linux, Apache, MySQL, and PHP (and/or Perl and/or Python).

This file aims to give you information on how to correctly configure Apache 2 in your LAMP Stack for a Production Environment and a Development Environment.

Note: In a Production Environment you will also need to read and implement the information from the Apache2 Documentation: https://httpd.apache.org/docs/2.4/ and https://httpd.apache.org/docs/2.4/misc/security_tips.html

The default permission for /var/www itself is: owner root:root and mode 755.

For anything inside /var/www, you have the privilege of deciding for yourself what to put in it and what permissions everything in it should have. What makes the most sense is:

Most files should be writeable by whichever user or group is going to be writing to them the most. You can set them to be owned by your user account. Or set up a custom group for your developers. Or if the files will be modified rarely and you want good security, you can use root:root and just sudo in on the rare occasions they'll be modified.

Most files should not be world-writeable.

So, 644 for files, and 755 for directories is appropriate (or 664 and 775 if you want to give a group write access).

It is also a good idea to limit the files which the server can write to. If you are using a Framework, then you have to allow the server to write to and create files during development; change the ownership and permissions on the Production Server so that the server can write only where it needs to.

Remember, the server has to write "logs", so these log directories must be writeable by the server.

Production Server

Set the Permissions for /var/www/public_html

Low:

Directories = 775, Files = 664

sudo chmod -R u+rwX,go+rwX,o-w /var/www/public_html

Medium (default):

Directories = 755, Files = 644

sudo chmod -R u+rwX,go+rX,go-w /var/www/public_html

High:

Directories = 700, Files = 600 (this can cause problems in some circumstances)

sudo chmod -R u+rwX,go+rX,go-rwx /var/www/public_html
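
As an added example (not part of the original gist), the shell function below audits a document root against the Low, Medium and High levels above by listing every file or directory that carries a permission bit the chosen level forbids. The function names and the sample tree are constructed for illustration; the chmod line in the demo is the Medium command from above.

```shell
#!/bin/sh
# Added example. Lists paths under a document root that carry permission bits
# the chosen level (low/medium/high, as defined above) does not allow.
audit_docroot() {
    level=$1 root=$2
    case $level in
        low)    bits="002" ;;                      # 775/664: no world write
        medium) bits="020 002" ;;                  # 755/644: no group or world write
        high)   bits="040 020 010 004 002 001" ;;  # 700/600: nothing for group/other
        *) echo "usage: audit_docroot low|medium|high DIR" >&2; return 2 ;;
    esac
    # Build "-perm -020 -o -perm -002 ...": a path matches if ANY listed bit is set.
    set --
    for bit in $bits; do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -perm "-$bit"
    done
    # Symlinks are skipped: their own mode is not what the kernel checks.
    find "$root" \( -type f -o -type d \) \( "$@" \) -print | sort
}

# Constructed sample tree with deliberately loose modes (not from the gist).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/public_html/uploads"
    : > "$t/public_html/index.php"
    : > "$t/public_html/uploads/note.txt"
    chmod 755 "$t/public_html"
    chmod 644 "$t/public_html/index.php"
    chmod 777 "$t/public_html/uploads"           # world-writable directory
    chmod 666 "$t/public_html/uploads/note.txt"  # world-writable file
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "Before (violates medium):"; audit_docroot medium "$tree/public_html"
chmod -R u+rwX,go+rX,go-w "$tree/public_html"    # the gist's Medium command
echo "After (expect no lines):";  audit_docroot medium "$tree/public_html"
rm -rf "$tree"
```

On a real server, run `audit_docroot medium /var/www/public_html` after any deployment; empty output means nothing under the tree is looser than 755/644.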

Set ownership for /var/www/public_html

sudo chown -R www-data:www-data /var/www/public_html

or

sudo chown -R $USER:www-data /var/www/public_html

httpd.conf

Leave this file as is, unless you want to change the user or the group for easier file editing. (If you need Virtual Hosts, uncomment the line "Include conf/extra/httpd-vhosts.conf" or add it to the bottom of the file if it is missing.)

Development Server

Set the Permissions for /var/www/

Directories = 775, Files = 664

  sudo chmod -R u+rwX,go+rwX,o-w /var/www/

Set ownership for /var/www/

  sudo chown -R $USER:www-data /var/www

Edit httpd.conf and change the User and/or Group directive to your own account:

  sudo nano /etc/httpd/conf/httpd.conf