I am porting a phpBB site from a shared server to a VPS, running Ubuntu 20.04. I have configured apache2 for virtual domains, since I have more than one. Here's where the boards are:
/var/www/example1.com/public_html/phpbb
/var/www/example2.com/public_html/phpbb
I want there to be a single user "userA" that makes changes to both sites, so I've made a sftp group "sftp_users" and added userA to it. I have also added userA to the www-data group, and changed this line in envvars:
export APACHE_RUN_USER=www-data
to this:
export APACHE_RUN_USER=userA
example1.com is owned by root:root, public_html by root:sftp_users, and phpbb and everything underneath recursively by userA:www-data. Permissions have been set recursively as well - 755 for directories, and 644 for files, per phpBB guidelines. And per those guidelines, the exceptions are the files, store, cache and images/avatars/uploads directories (all 777), and the phpbb/config.php file (640).
The board seems to be working - however, I make two observations:
1. Board members can upload attachments. However, unlike the files I ported from the shared server that members had previously loaded, and whose ownership I made userA:www-data, these uploaded files show www-data:www-data ownership. (This is also true of files and directories that get created by PHP in the cache on demand.) The change I made to envvars does not seem to have taken effect.
2. The permissions of the uploaded files are 666, and not 644 as I set the ported files (per phpBB guidelines).
I'm guessing that I want to do something along the lines recommended by @Zoredache and @Tom here:
What's the best way of handling permissions for Apache 2's user www-data in /var/www?
But if userA owned the files, couldn't I get by with the recommended 644 file permissions instead of 664? Why isn't userA the file owner - and is a umask of 0022 the answer to forcing permissions?
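An added example, not part of the original post: a shell audit of a phpBB tree against the permission policy the question states (directories 755, files 644, config.php 640, the four writable directories 777), which lists deviations such as the 666 uploads and www-data-owned files described above. The function names are hypothetical, GNU find and stat are assumed, and entries created inside the writable directories are assumed to fall under the general 755/644 rule.

```shell
#!/bin/sh
# Added example: audit a phpBB tree against the policy stated in the post
# (dirs 755, files 644, config.php 640, four writable dirs 777).
# Requires GNU find/stat, as shipped with Ubuntu.

# Writable exceptions named in the post, relative to the phpBB root.
WRITABLE_DIRS="files store cache images/avatars/uploads"

# expected_mode ROOT PATH: print the mode the policy assigns to PATH.
# Assumption: only the four named directories themselves are 777; anything
# created inside them is held to the general 755/644 rule.
expected_mode() {
    rel=${2#"$1"/}
    if [ "$rel" = "config.php" ]; then echo 640; return; fi
    for d in $WRITABLE_DIRS; do
        if [ "$rel" = "$d" ]; then echo 777; return; fi
    done
    if [ -d "$2" ]; then echo 755; else echo 644; fi
}

# audit_tree ROOT [OWNER]: print one line per deviation,
# "<mode> <owner>:<group> <path> expected=<mode>", and, if OWNER is given,
# flag entries it does not own. Returns 1 if anything was reported.
# Paths containing newlines are not handled.
audit_tree() {
    root=${1%/}; want_owner=${2:-}; bad=0
    # A pipe into 'while' would run the loop in a subshell and lose $bad,
    # so the file list goes through a temp file instead.
    list=$(mktemp) || return 2
    find "$root" -mindepth 1 \( -type f -o -type d \) -print > "$list"
    while IFS= read -r p; do
        mode=$(stat -c '%a' "$p"); own=$(stat -c '%U:%G' "$p")
        exp=$(expected_mode "$root" "$p")
        note=""
        if [ "$mode" != "$exp" ]; then note=" expected=$exp"; fi
        if [ -n "$want_owner" ] && [ "${own%%:*}" != "$want_owner" ]; then
            note="$note owner!=$want_owner"
        fi
        if [ -n "$note" ]; then echo "$mode $own $p$note"; bad=1; fi
    done < "$list"
    rm -f "$list"
    return $bad
}
```

Run it as `audit_tree /var/www/example1.com/public_html/phpbb userA`; an empty result with exit status 0 means the tree matches the stated policy.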