0

We have an internal server that we work on with 3 users. It is running Ubuntu with Apache, MySQL and ProFTPD.

We often have permission errors. Sometimes we can't overwrite files but we can delete them, etc. What would be a good way to set this up? Who should be the owner of the files? (Currently www-data:www-data.)

The 3 users need to be able to delete, write and read files from the webfolders. Apache needs to have all the rights to run Joomla.

Jarco
  • Does this answer your question? [What permissions should my website files/folders have on a Linux webserver?](https://serverfault.com/questions/357108/what-permissions-should-my-website-files-folders-have-on-a-linux-webserver) – Andrew Schulman May 25 '21 at 11:01

2 Answers

0

You can create a group and add all 3 of your users to this group. Then, you change the group owner to this new group and grant the group full permissions with `chmod g+rwx`.

For the apache user, most of the time it requires only read access to files and read+execute access on folders. You can set the owner to www-data:www-data for some folders, like upload ones, which require the apache user to write to them.

Khaled
  • You should use `chmod g+rwX -R ` where X means only if it is a directory, but x means all files and directories. And -R means recursive. – Peter May 02 '12 at 12:25
  • @Peter: rtfm "X ...or already has execute permission for some user" – symcbean May 02 '12 at 14:13
0

Who should be the owner of the files?

NOT THE WEBSERVER UID!!!!

The webserver only needs read access to most of the files. There may be updateable files in specific directories depending on how Joomla is configured, but let's not worry about that just now.

Set up a group for the users who need write access, say webdev. Then (as root):

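    cd "$WEBROOT"
    # Directories: everyone may read/traverse, no write for 'other',
    # group write plus setgid so new entries inherit the group.
    find . -type d -exec chmod a+rx,o-w,g+ws {} \;
    # Files: readable by all, no execute, no write for 'other', group write.
    find . -type f -exec chmod a+r-x,o+r-w,g+w {} \;
    find . -exec chgrp webdev {} \;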

Files are then readable by the webserver via 'other', writeable by the webdev via the 'group' permissions, and new files / directories will be created owned by webdev.

If you need to make specific directories writeable by the webserver uid, then chmod o+w them (and add a .htaccess file / modify the webserver config to prevent direct access by the webserver if they are inside the document root).

And please stop using FTP. It's an accident waiting to happen.

symcbean
  • `There may be updateable files in specific directories depending on how Joomla is configured, but lets not worry about that just now.` With help from `suPHP` or Apache `mpm_itk`, scripts can be run as the owner of the file. Of course this creates a performance hit, but for most users that should do OK. – Janne Pikkarainen May 02 '12 at 14:18
  • There might be webserver updateable files and there will be executable files (by PHP or other). But if you've got files where this is true for both then you have no security. – symcbean May 03 '12 at 15:51
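
One way to check a web root against the permission layout described in the answers above, as an added example that is not part of the original posts. The `www-data` and `webdev` defaults come from the thread; the function names and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a web root against the layout in the answer above
# (dirs a+rx,o-w,g+ws; files a+r-x,o-w,g+w; owner is not the web server).
# The default user and group names are assumptions taken from the thread.

# Prefix every path read on stdin with a finding label.
report() {
    while IFS= read -r path; do
        printf '%s\t%s\n' "$1" "$path"
    done
}

# audit_webroot ROOT [WEB_USER] [DEV_GROUP]
# Prints "LABEL<TAB>path" per finding; returns 1 if there is any finding.
audit_webroot() {
    root=$1
    web_user=${2:-www-data}
    dev_group=${3:-webdev}
    findings=$(
        # 'other' includes the web server uid, so o+w means it can write.
        find "$root" ! -type l -perm -0002 | report WORLD_WRITABLE
        # Without setgid, new entries get the creator's primary group.
        find "$root" -type d ! -perm -2000 | report DIR_NO_SETGID
        # The shared group must be able to write everywhere.
        find "$root" ! -type l ! -perm -0020 | report NOT_GROUP_WRITABLE
        # The answer strips execute bits from regular files.
        find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
            report FILE_EXECUTABLE
        # Ownership checks; these are skipped if the name does not exist.
        find "$root" -user "$web_user" 2>/dev/null | report OWNED_BY_WEB_USER
        find "$root" ! -group "$dev_group" 2>/dev/null | report WRONG_GROUP
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: audit_webroot /var/www/example   (path is a placeholder)
```

Directories that are deliberately writable by the web server will show up as `WORLD_WRITABLE`; those are the ones to keep short and to block from direct access.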