When managing web servers on Linux systems, proper permission management for the web directory (/var/www/html) is crucial. There are three primary approaches to grant access:
- Changing Ownership: Make the user the owner of the directory
- Group Permissions: Add the user to a group with access
- ACLs: Use Access Control Lists for finer control
The simplest approach is changing directory ownership to your webadmin user:
sudo chown -R webadmin:webadmin /var/www/html
This grants full control but might be too permissive for production environments.
A more secure approach involves creating a dedicated group:
# Create a new group (if it doesn't exist)
sudo groupadd webmasters
# Add user to group
sudo usermod -a -G webmasters webadmin
# Change group ownership
sudo chgrp -R webmasters /var/www/html
# Set permissions (-R applies 2775 to regular files too, so they also get the execute and setgid bits)
sudo chmod -R 2775 /var/www/html
The 2775 permission breaks down as:
- 2: Set GID bit (new files inherit group)
- 7: Owner RWX
- 7: Group RWX
- 5: Others RX
For complex permission requirements, Access Control Lists provide more flexibility:
# Install ACL utilities (if needed)
sudo apt install acl
# Grant specific permissions
sudo setfacl -R -m u:webadmin:rwx /var/www/html
# Set default ACLs so newly created files and directories inherit the entry
sudo setfacl -R -d -m u:webadmin:rwx /var/www/html
Always test your changes:
# Check ownership
ls -ld /var/www/html
# Check group membership
groups webadmin
# Check ACLs
getfacl /var/www/html
- Never use 777 permissions
- Restrict write access to specific subdirectories when possible
- Consider SELinux contexts on RHEL-based systems
- Regularly audit permissions
When managing web servers on Linux, it's common to need to grant specific users access to the web root directory (/var/www/html). This is particularly important for developers who need to deploy or modify web content without root privileges.
The most secure and maintainable method is to add your user to the www-data group (common on Debian/Ubuntu) or apache group (common on CentOS/RHEL):
# Add user to www-data group
sudo usermod -a -G www-data webadmin
# Change group ownership of /var/www/html
sudo chgrp -R www-data /var/www/html
# Set correct permissions
sudo chmod -R 2775 /var/www/html
# Verify the changes
ls -ld /var/www/html
For more granular control, consider using Access Control Lists (ACLs):
# Install ACL tools if needed
sudo apt-get install acl # Debian/Ubuntu
sudo yum install acl # CentOS/RHEL
# Set ACL permissions
sudo setfacl -R -m u:webadmin:rwx /var/www/html
sudo setfacl -R -d -m u:webadmin:rwx /var/www/html
If permissions don't seem to apply:
- Ensure the user logs out and back in after being added to a new group
- Check SELinux contexts if using CentOS/RHEL:
ls -Z /var/www/html
- Verify parent directory permissions allow access
Best practices to maintain security:
# Restrict permissions to only what's needed
sudo find /var/www/html -type d -exec chmod 2775 {} \;
sudo find /var/www/html -type f -exec chmod 664 {} \;
# Set proper ownership
sudo chown -R root:www-data /var/www/html
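The regular permission audit recommended above can be scripted. The following is an added example, not part of the original page: a read-only POSIX shell function that checks a web root against the 2775 (directories) / 664 (files) scheme. The function name audit_webroot and the issue labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a web root against the 2775 (directories)
# / 664 (files) scheme. Prints one "LABEL<TAB>path" line per finding.
# audit_webroot and the labels are names made up for this illustration.

audit_webroot() {
    # $1 = web root, $2 = expected group (name or numeric GID)
    # World-writable entries (the "never use 777" rule). Symlinks are skipped
    # because their own mode bits are not used for access checks.
    find "$1" ! -type l -perm -0002 -exec printf 'WORLD_WRITABLE\t%s\n' {} \;
    # Directories without setgid: files created there will not inherit the group.
    find "$1" -type d ! -perm -2000 -exec printf 'DIR_NO_SETGID\t%s\n' {} \;
    # Regular files with any execute bit, e.g. left over from chmod -R 2775.
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec printf 'FILE_EXECUTABLE\t%s\n' {} \;
    # Regular files carrying setuid or setgid.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec printf 'FILE_SETID\t%s\n' {} \;
    # Entries whose group is not the expected one.
    find "$1" ! -type l ! -group "$2" -exec printf 'WRONG_GROUP\t%s\n' {} \;
}

# Usage: sh audit.sh /var/www/html www-data
if [ "$#" -ge 1 ]; then
    audit_webroot "$1" "${2:-www-data}"
fi
```

An empty result means the tree matches the scheme; run it with sudo if parts of the web root are not readable by your user.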