After years of using chmod 777
to solve PHP write permission woes, I want to know the proper way of solving the problem.
I have a website on my server owned by user1
in group user1
. There is a folder in this website called uploads
.
Normally to get writing with PHP to work, I have to chmod
this folder to 777
. But I obviously recognise this is dangerous and incorrect, and I want to setup the permissions properly to minimise risk.
From my limited knowledge, I see two options,
- I
chown
theuploads
folder so that it's owned byapache
. This way, I can just use the default permissions andapache
can happily write to the folder. - I add a second group to
apache
ofuser1
. I then give write permission to the owner and group onuploads
, which should allowapache
to write touploads
?
My question is, what is the best approach? Is it one of the above or something completely different?
If the best solution is #1, how can user1
also write to uploads over SFTP as that solution will not let them?