Configuring Permissions for FTP and Apache

A better and more secure solution (i get uneasy with the internet having access to an admins home folder!) is to create a webroot folder in /

Terminal time!

cd /

sudo mkdir /webroot

sudo groupadd webdev

sudo usermod -a -G yourusername webdev

sudo chown www-data:webdev /webroot/

Now point apache to your new document root /webroot at the bottom of your apache config. This can be found here: /etc/apache2/apache2.conf

sudo nano /etc/apache2/apache2.conf

CTRL-O to save, CTRL-X to exit in nano if you are not familiar with it.

Simply replace DocumentRoot /var/www/ with /webroot/

Copy your webfiles now to webroot.

sudo /etc/init.d/apache2 reload

Apache should now have restarted with all the configurations loaded.

This has created a directory in root called webroot, owned by apache2, and group owner is the new group webdev, which your user is now appended to member of (this does not replace any groups!). This will allow you to edit the files in the FTP!

This is a very simple solution for a one-website apache server. More work is required if you plan on running multiple sites (creating separate folders for them in webroot for example)

The advantages of this are that if someone does find a vulnerability, they are locked into the webroot folder, and not your home folder! Also if you ever needed to allow any more users to modify the site, you can add their user to the webdev group with sudo usermod -a -G theirusername webdev

Hope this helps!

Kind Regards

相关推荐