I need to allow a non-root user to access (read and write) the webserver's web root folder /var/www/html. I need some help on how to best accomplish this. I want to avoid setting permissions too broadly.
Currently, permissions are as follows:
root@prodwww:/# ls -al /var/www/
total 12
drwxr-xr-x 3 root root 4096 Aug 6 08:52 .
drwxr-xr-x 15 root root 4096 Aug 6 08:52 ..
drwxr-x--- 8 root www-data 4096 Aug 18 21:45 html
root@prodwww:/#
and within /var/www/html
root@prodwww:/# ls -al /var/www/html/
total 88
drwxr-x--- 8 root www-data 4096 Aug 18 21:45 .
drwxr-xr-x 3 root root 4096 Aug 6 08:52 ..
...
-rw-r----- 1 root www-data 628 Jul 7 2016 _htaccesss
-rw-r--r-- 1 root root 10918 Aug 18 21:45 index.html
...
root@prodwww:/#
The user is in the group users but if I changed the folder's group to 'users', then www-data (Apache web server) group could not access.
Should I
- add www-data to group users and change /var/www/html 's group to users?
- add the user's account to the www-data group?
- create a new group and add the user's account and the apache user account to that group and change the folders group to the new group?
- perhaps set Apache (www-data) as the owner and set the group to users?
- do something else?