Permissions on /var/www

Alexander Kraev alexander.kraev at
Mon Aug 17 18:02:58 UTC 2009

Hi Brazen,

Right you are, that was not an appropriate example. I meant that all 
virtual host under the /var/www has to be owned by the same user and 
group www-data in case if you have only one user to manage many virtual 
hosts. www-data as an owner of root directory is not a secure option.


James Dinkel wrote:
> On Mon, Aug 17, 2009 at 12:00 PM, Alexander Kraev 
> <alexander.kraev at <mailto:alexander.kraev at>> wrote:
>     Hi,
>     It depends on web-server architecture and how many sites you are going
>     to run inside /var/www.
>     root:root is good for /var/www if you are running many sites in
>     /var/www. Let's say:
>     /var/www/ <>
>     /var/www/ <>
>     /var/www/ <>
>     Each of these directory has to be owned as www-data:www-data if you use
>     only www-data user to manage all virtual hosts and unix_user:www-data in
>     case of multi-user virtual host based web server.
>     It's a quick tip, all depends on your needs and web server's
>     architecture.
>  "Each of these directory has to be owned as www-data:www-data"
> This is absolutely not true, and a bad idea for reasons already pointed 
> out in this thread (Roy Sigurd Karlsbakk's email).  Only set www-data as 
> the owner when a web application specifically calls for it and only on 
> the folder or file that it calls for.
> For instance, say a web application requires the web server to have 
> write access to /var/www/myapp/uploads/.  Then keep /var/www owned by 
> root.root and perms set to 755, and change just the uploads folder to be 
> owned by www-data.root (or www-data.www-data, or root.www-data with 775 
> perms, it's all the same).
> If you do want users without root privileges to be able to modify the 
> directories, then that is ok give them permissions to write to whatever 
> they need, but you do not want to give www-data any more than read 
> permissions unless your web application specifically calls for it.
> Brazen

More information about the ubuntu-server mailing list