Appropriate file permissions for websites using Git and FTP
What are the appropriate file permissions for a website which can be updated by either Git (e.g. core app files), FTP (e.g. plugins) or upload forms (e.g. images)?
WordPress would be a good example:
FTP updates change the owner to ftpuser:ftpuser.
Uploaded images are assigned to the apache:apache user by default.
Git updates change everything to root:root.
Most people recommend 755 for folders and 644 for files, assuming everything is owned by the same user, which of course is not the case.
I could create an additional group named web, assign it to all of the above users and simply
chown -R root:web, but then I would have to set the default group to web for all these users, which is not something I’m comfortable with.
One Solution collect form web for “Appropriate file permissions for websites using Git and FTP”
- I think you could reconfigure Git to use an SSH key owned by apache:apache, which would make the file owner apache:apache. (Haven’t tried this one myself.)
- Check the available options & configuration for your FTP server — you might be able to run the FTP server as apache:apache, instead of ftpuser:ftpuser. If you support other FTP services that require an FTP server running under ftpuser:ftpuser, you might still be able to do this by running the (second) apache:apache FTP server on a different port.