File permissions for the Apache workdir

Written on Tuesday March 16, 2021 - Tags: chmod, linux, server, apache, security

Introduction

The workdir, that is, the directory containing the web page files exposed by the HTTP server (in this case apache2), should have suitable permissions.

These permissions are not required for the web content to work correctly, but they are recommended for production environments because of various types of vulnerabilities and the structure of web pages.

Knowledge

Linux systems have built-in tools which we can use for granting permissions:

chown - change file owner and group
chmod - change file mode bits
chgrp - change group ownership     

Required parameters, options and operators:

-R, --recursive
       operate on files and directories recursively
g - other users in the file's group
o - other users not in the file's group
+ - operator causes the selected file mode bits to be added to the existing file mode bits of each file
- - operator causes the selected file mode bits to be removed from the existing file mode bits of each file
r - read
w - write
x - execute (or search for directories)

Default user, group and location for web page files:

user: www-data
group: www-data
location: /var/www

Setting permissions

Recommended permissions for default user, group and location:

sudo chown -R www-data:www-data /var/www
sudo chmod go-rwx /var/www
sudo chmod go+x /var/www
sudo chgrp -R www-data /var/www
sudo chmod -R go-rwx /var/www
sudo chmod -R g+rx /var/www
sudo chmod -R g+rwx /var/www

Alternative (more restricted) version of the permissions:

sudo chown -R www-data:www-data /var/www
sudo find /var/www -type d -exec chmod 2750 {} \+
sudo find /var/www -type f -exec chmod 640 {} \+
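
To check that a tree really matches the restricted scheme above (directories 2750, files 640, owned by www-data), an audit like the following can be run after the commands. This is an added example, not part of the original post; the function names are hypothetical and it assumes a find that supports -perm, -user and -group (GNU or BSD).

```shell
#!/bin/sh
# Added example: audit a web root against the restricted scheme
# (directories 2750, regular files 640). Function names are hypothetical.

# Print directories whose mode is not exactly 2750 and regular files
# whose mode is not exactly 640.
mode_deviations() {
    find "$1" \( \( -type d ! -perm 2750 \) -o \( -type f ! -perm 640 \) \) -print
}

# Print entries writable by "other" (for example after chmod -R 777).
# Symlinks are skipped because their own mode bits are not used.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print entries not owned by the expected user ($2) and group ($3).
wrong_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Run all three checks and report findings.
# Returns 0 only when nothing deviates from the scheme.
audit_webroot() {
    root=$1; owner=${2:-www-data}; group=${3:-www-data}; status=0

    out=$(mode_deviations "$root")
    [ -z "$out" ] || { printf 'unexpected mode:\n%s\n' "$out"; status=1; }

    out=$(world_writable "$root")
    [ -z "$out" ] || { printf 'world-writable:\n%s\n' "$out"; status=1; }

    out=$(wrong_owner "$root" "$owner" "$group")
    [ -z "$out" ] || { printf 'wrong owner or group:\n%s\n' "$out"; status=1; }

    return "$status"
}
```

Call it as `sudo sh -c '. ./audit.sh; audit_webroot /var/www'` (audit.sh is a placeholder file name); a non-zero exit status means at least one entry deviates.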

Additional permissions

For remote access (SSH/FTP/SFTP) and application purposes (frontend operations, e.g. making new subdirs), files with public access should be granted open 777 (read/write/execute for everyone) permissions recursively:

sudo chmod -R 777 /var/www/html/public