
On my Ubuntu 16.04 server I had followed my provider's (Digital Ocean) suggestion to establish a new user (let's call them user1) and give them root privileges while being able to access remotely via ssh. I have a standard LAMP installation with the imagemagick PHP library installed.

imagemagick complained about being unable to write and I realised it was using the default apache user www-data, which had no write privileges; only user1 had them. So I chown'd the www directory to the www-data user and www-data group. I then added user1 to the www-data group.

Thinking I would just chmod the directory and its contents to 775, I read more than one piece of advice suggesting that this is not very secure. Is there a recommended procedure for allowing user1 write access to the directory; should I give imagemagick write permission by different means, or should I be using www-var for all file writing in this directory? I primarily sftp in for development and maintenance.


Update

It occurred to me that the only directory I need www-data to be able to write to can be isolated quite easily. So I executed chown on www and all its subdirs to user1:www-data instead, then ran chmod on the single folder and all its contents to 775. It only contains jpegs so this may be less of a vulnerability.

biscuitstack
    The permissions you've set up with your update are pretty standard, only allowing the httpd to write where you wish. Be sure to limit access to writing .htaccess and .htpasswd files or disable them. – Andrew Domaszek Mar 27 '17 at 21:06
    Have you considered using [ACLs](http://serverfault.com/a/484819/126632) for this? – Michael Hampton Mar 27 '17 at 22:55
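
One way to check that the layout from the update (everything owned user1:www-data, a single directory at 775) stays as intended, including the .htaccess/.htpasswd point raised in the comments. This is an added example, not part of the original question or its comments; the function name and the paths in the usage comment are hypothetical, and the writable directory must be given as a path beneath the web root.

```bash
#!/usr/bin/env bash
# Added example: audit a web root where only ONE directory is meant to be
# writable by the web server's group (www-data in the question).
#
# Usage (paths are assumptions, substitute your own):
#   audit_webroot /var/www/html /var/www/html/uploads
#
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
# WRITABLE_DIR must be written with the same prefix as WEBROOT so that
# find's -path test can prune it.
audit_webroot() {
    local root="${1%/}"
    local writable="${2%/}"
    local findings

    findings=$(
        # 1. Group- or world-writable paths anywhere outside the one
        #    directory that is supposed to be writable.
        find "$root" -path "$writable" -prune -o \
            \( -perm -020 -o -perm -002 \) ! -type l -print |
            sed 's/^/WRITABLE-OUTSIDE: /'

        # 2. Per-directory Apache config files inside the writable
        #    directory: the web server user could create or rewrite them.
        find "$writable" \( -name '.htaccess' -o -name '.htpasswd' \) -print |
            sed 's/^/HTFILE-IN-WRITABLE: /'

        # 3. The question expects only JPEGs there. This is a file-name
        #    check only; it does not inspect file contents.
        find "$writable" -type f \
            ! -iname '*.jpg' ! -iname '*.jpeg' \
            ! -name '.htaccess' ! -name '.htpasswd' -print |
            sed 's/^/NOT-JPEG: /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

The check reads mode bits only, so it can run as an unprivileged user from cron; it does not look at ACL entries.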

0 Answers