To set up permissions on /var/www where your files are served from by default:
sudo addgroup webmasters
sudo adduser $USER webmasters
sudo chown -R root:webmasters /var/www
sudo find /var/www -type f -exec chmod 664 {} \;
sudo find /var/www -type d -exec chmod 775 {} \;
sudo find /var/www -type d -exec chmod g+s {} \;
sudo chown -R www-data:webmasters application/cache/ [etc...]
Now log out and log in again to make the changes take hold.
The previous set of commands does the following:
- Create a new group called webmasters; all users who need write access to the app files will be added to this group.
- adds the current user ($USER) to the webmasters group.
- changes the owner of /var/www to root and the group to webmasters group.
- adds 644 permissions (-rw-rw-r--) to all files in /var/www.
- adds 775 permissions (drwxrwxr-x) to all directories in /var/www.
- sets the SGID bit on /var/www and all directories therein; this final point bears some explaining. Note also that you can also put a 2 at the front of your chmod octal (e.g. 2644) to do the same thing. sets the owner to www-data (Apache's user) and group of the supplied directory to webmaster. This ensures the directory is writable by Apache and anyone in the webmasters group. Do the same for all other directories that need to be writable.
Just curious why don't you just
sudo chown -R www-data:webmasters /var/www
instead ofsudo chown -R root:webmasters /var/www
?