2

Does it pose a security risk if I change the owner of the document root on Apache?

I've been spoiled by generic website hosting providers. I'm used to SFTPing my files over to the host and hitting refresh to make sure the changes have taken effect.

Now I've invested in cloud hosting with root access to a real (well, virtual) server. My document root is owned by the root user and right now I have to transfer the files to my home directory on the server then copy them to the document root with sudo cp. Every time I do this, I have to type my long, unrememberable, randomly-generated password (stuck to my monitor with a post-it note :)).

I'd love to sudo chown user:user /var/www/html so I can just transfer the files directly there, but I'm concerned about security.

Would it be less of a problem if I just changed the group of the directory and added my user to that group? Is the www-data group safe to use for that?

Vince
  • 153

2 Answers2

1

If you consider SSH's login protection to be adequate to protect your server, then I think it would be reasonable to chown the document root to your userid.

There's nothing gained by using the group instead of owner, if there's just one user managing the server. If you had multiple maintainers, and you wanted all of them to be able to update documents without having to use sudo, then it would be useful to change the group, and add all the admins to that group.

Barmar
  • 398
1

There's a good article on setting up permissions here. Short answer: probably no real risk doing what you've suggested, just make sure to set owners, groups, and permissions properly according to that guide or other reputable information. Sometimes this will be 755, sometimes 775, sometimes 700, sometimes others.

Community
  • 1
Tim
  • 33,870
  • 7
  • 56
  • 84