I have a simple question, however, I am struggling to understand how to do this in a secure manner,
I have a PHP-based web application that runs on Linux (Centos7), I have "user" access with Sudo privilege on the Linux server.
The web server (Apache) runs as an "apache" user with an "apache" group,
The problem is when I try to deploy applications using WinSCP, I get permission denied errors, the ONLY way I can solve this problem is to do a
usermod -g apache myusername
chmod 775 /var/www/html
I don't want to give 775 to the entire web folder, I think it's a big security issue, What is the most secure way to archive this type of task?
How can I deploy my app using Winscp with my user account but AS apache user? or any other suggestions on common industry practice that is considered safe?
There are multiple recommended ways to solve this issue.
/var/www/html
to the user who logins through WinSCP/SFTP. This can be done in multiple ways./var/www/html
(Simply by creating a symlink from /var/www/html to a directory owned by deployment user or by updating the apache configuration)