When working with Apache web servers on Linux, the default web root directory /var/www/html typically has restrictive permissions. The output
drwxr-xr-x 6 root root 4096 Jul 15 7:18 www
shows:
- Owned by root:root
- Permissions 755 (rwxr-xr-x)
While you could simply run chmod 777 /var/www/html, this would be terrible practice from a security standpoint. Instead, we'll implement proper group-based permissions.
Here's the secure way to handle this:
# Check if www-data group exists (common on Debian/Ubuntu)
sudo grep www-data /etc/group
# On CentOS/RHEL/Amazon Linux, the group is often called apache instead
sudo grep apache /etc/group
# Add your user to the appropriate group
sudo usermod -a -G apache ec2-user # For Amazon Linux
# OR
sudo usermod -a -G www-data ec2-user # For Ubuntu
# Change group ownership of web directory
sudo chown -R :apache /var/www/html # Amazon Linux
# OR
sudo chown -R :www-data /var/www/html # Ubuntu
# Set correct permissions
sudo chmod -R 2775 /var/www/html
# Apply the changes by logging out and back in
exit
For more granular control, consider using ACLs:
sudo setfacl -R -m u:ec2-user:rwx /var/www/html
sudo setfacl -R -m d:u:ec2-user:rwx /var/www/html
After making these changes, check the new permissions:
ls -ld /var/www/html
# Should show something like: drwxrwsr-x+
In FileZilla's site manager, ensure you're using:
- Protocol: SFTP
- Logon Type: Key file
- User: ec2-user
- Key file: Your .pem file
If you still encounter issues:
- Verify SELinux context if applicable:
ls -Z /var/www/html
- Check for parent directory restrictions
- Ensure you've logged out and back in after group changes
When you encounter "write permission denied" errors while trying to access /var/www/html via SFTP (using FileZilla or other clients), it's typically a Linux filesystem permissions problem. The key information from your ls -l output shows:
drwxr-xr-x 6 root root 4096 Jul 15 7:18 www
This means the /var/www directory is owned by root with permissions 755 (read/execute for everyone, write only for owner).
On AWS EC2 instances, you typically log in as ec2-user, which doesn't automatically have write access to system directories like /var/www. This is actually a security feature - you wouldn't want web directories writable by default.
Option 1: Add User to Apache Group
First, check if your system uses www-data or apache as the web server group:
ls -l /var/www/html
groups ec2-user
If you see the group is different (common on CentOS/Amazon Linux):
sudo usermod -a -G apache ec2-user
sudo chown -R ec2-user:apache /var/www/html
sudo chmod -R 2775 /var/www/html
The 2775 sets the SGID bit so new files inherit the group.
Option 2: Create a Symlink from Home Directory
For development environments, you might prefer:
mkdir ~/www
sudo rm -rf /var/www/html # removes the existing web root and its contents
sudo ln -s /home/ec2-user/www /var/www/html
sudo chown ec2-user:ec2-user ~/www
Option 3: Use ACLs for Fine-Grained Control
For more complex permission scenarios:
sudo setfacl -R -m u:ec2-user:rwx /var/www/html
sudo setfacl -R -m d:u:ec2-user:rwx /var/www/html
After making changes:
sudo -u ec2-user touch /var/www/html/testfile
ls -la /var/www/html
If the test file is created successfully, your SFTP client should now work.
Always:
- Use the least privilege needed
- Never make /var/www/html world-writable (777)
- Consider using separate user accounts for SFTP vs. system administration
If permissions are correct but FileZilla still fails:
- In FileZilla Site Manager, ensure protocol is SFTP (not FTP)
- Set server type to "Unix" in Transfer Settings
- Try alternative clients like WinSCP for testing
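As an added check that is not part of either answer above, the following shell functions audit a directory against the layout both answers describe (group-owned by the web server group, setgid so new files inherit the group, group-writable, never world-writable) and confirm that a user is actually in that group. They assume GNU coreutils (stat -c) and the id utility; the path, group name (www-data or apache) and user are passed as arguments.

```shell
#!/bin/sh
# Added example: audit a web root against the least-privilege layout
# described above. Assumes GNU coreutils (stat -c) and the id utility.

# webroot_mode DIR: print the octal mode of DIR, e.g. 2775 or 755
webroot_mode() {
    stat -c '%a' "$1"
}

# check_webroot DIR GROUP: return 0 when DIR is group-owned by GROUP,
# has the setgid bit, is group-writable and is not world-writable.
# Each failed check is reported on stderr and the function returns 1.
check_webroot() {
    dir=$1
    want_group=$2
    rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    mode=$(webroot_mode "$dir")
    group=$(stat -c '%G' "$dir")
    m=$((0$mode))   # leading 0 makes the shell parse the mode as octal
    [ "$group" = "$want_group" ] \
        || { echo "$dir: group is $group, expected $want_group" >&2; rc=1; }
    [ $((m & 02000)) -ne 0 ] \
        || { echo "$dir: setgid bit missing (mode $mode); new files will not inherit the group" >&2; rc=1; }
    [ $((m & 020)) -ne 0 ] \
        || { echo "$dir: group has no write access (mode $mode)" >&2; rc=1; }
    [ $((m & 02)) -eq 0 ] \
        || { echo "$dir: world-writable (mode $mode); remove with chmod o-w" >&2; rc=1; }
    return $rc
}

# user_in_group USER GROUP: return 0 when GROUP is among USER's groups.
# A newly added group only shows up in a fresh login session.
user_in_group() {
    for g in $(id -Gn "$1"); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Usage: sh audit_webroot.sh /var/www/html www-data ec2-user
if [ $# -eq 3 ]; then
    check_webroot "$1" "$2" && user_in_group "$3" "$2" && echo "$1: OK for $3 via group $2"
fi
```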