Appropriate file permissions for websites using Git and FTP

What are the appropriate file permissions for a website which can be updated by either Git (e.g. core app files), FTP (e.g. plugins) or upload forms (e.g. images)?

Users involved:

  • Generating ssh keys for 'apache' user on shared hosting
  • Why doesn't Subversion allow to commit .htaccess files?
  • Apache basic authentication issue with reverse proxy
  • Client denied by server configuration for Git and Apache
  • Modifying apache to prevent public accessibility of .git folder
  • Jenkins unable to find valid certification path to requested target error while importing Git repository
  • WordPress would be a good example:

    FTP updates change the owner to ftpuser:ftpuser.

    Uploaded images are assigned to the apache:apache user by default.

    Git updates change everything to root:root.

    Most people recommend 755 for folders and 644 for files, assuming everything is owned by the same user, which of course is not the case.

    I could create an additional group named web, assign it to all of the above users and simply chown -R root:web, but then I would have to set the default group to web for all these users, which is not something I’m comfortable with.

  • Git deployments with PHPloy using FTPS
  • Set the Apache htdocs/subfolder as GIT working dir
  • Syncing customer's changes from ftp to git
  • Sync FTP with master branch
  • How to configure SVN web access for different write permissions?
  • having a branch for live and development using git on server
  • One Solution collect form web for “Appropriate file permissions for websites using Git and FTP”

    1. I think you could reconfigure Git to use an SSH key owned by apache:apache, which would make the file owner apache:apache. (Haven’t tried this one myself.)
    2. Check the available options & configuration for your FTP server — you might be able to run the FTP server as apache:apache, instead of ftpuser:ftpuser. If you support other FTP services that require an FTP server running under ftpuser:ftpuser, you might still be able to do this by running the (second) apache:apache FTP server on a different port.
    Git Baby is a git and github fan, let's start git clone.