An example: Say Apache needs to have ownership of all the files in /var/www/html to serve the pages of a website. Is there any danger in making Apache the owner of this directory (and files and sub-directories), rather than just assigning ownership to the files and maintaining the current directory ownership? It seems like a less precise solution, and less precise solutions always seem to be insecure for reasons I haven't thought of.

It's basically a question of using

cd /var/www/html
chown -R user .


chown -R user /var/www/html

Thank you!

  • 113
  • 2

2 Answers2


Those two (sets of) commands do the same thing. . is "the current working directory".

In answer to the question you're actually asking, though - the difference is that when chowning just the files, Apache will not be able to create any new files in /var/www/html, only in subdirectories that were chown'ed.

  • 8,920
  • 1
  • 28
  • 34

You are fine only assigning ownership to sub files as long as

(a) apache does not need to create new files

(b) the execute bit (x) it turned on for all in the parent directory (needs this in order to cd into that directory)

Michael Martinez
  • 2,543
  • 3
  • 20
  • 31