How to give access to only one specific www folder

The basic mission here is to prevent general access to /var/www/xxx… whilst allowing access to /var/www/henriks-folder for the henrik user.

1.) First we need to make sure Apache has access to /var/www. www-data is the Apache user, which always needs to have access. From the start the ownership is root:root: created by the root user and owned by the root group. Let’s change that:

chgrp -R www-data /var/www
chmod -R g+rwxs /var/www
chmod -R 770 /var/www

I’m not sure if the second line is necessary; the s in g+rwxs sets the setgid bit, which makes new files and sub-folders inherit the group of the parent directory. The third line is the important one: it gives full access to root and the www-data group on the www folder and, recursively, on all sub-folders, while world will not be able to do anything (zeroed out).

2.) Give full access to only the www folder:

chmod 777 /var/www

The above is needed; otherwise Henrik can’t cd into his own directory, since he is not allowed access to the parent.

3.) Create Henrik’s folder:

mkdir /var/www/henriks-folder
chmod -R 777 /var/www/henriks-folder
chown -R henrik:henrik /var/www/henriks-folder

The third line is optional, since we’ve already given full world access on line two. If you want, for instance, Fredrik not to have access to Henrik’s folder, it would have to look something like this:

usermod -a -G www-data root
mkdir /var/www/henriks-folder
chown -R henrik:www-data /var/www/henriks-folder
chmod -R 770 /var/www/henriks-folder

I don’t know if it’s necessary, but in order for root to still have access to the folder I add him to www-data on the first line.
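
A check for the finished layout, added here as an example and not part of the original post: step 2 leaves /var/www at 777, which lets every local user create, rename or remove entries in it, while cd-ing through a directory only needs its execute (search) bit, so 771 is enough for Henrik to reach his folder. The script reports what users outside the owner and group can do in a web root and in each folder directly under it; the function names are hypothetical and the demo uses a constructed temporary tree standing in for /var/www.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Permission string of a path as ls prints it, e.g. drwxrwx--x
perms_of() {
    ls -ld -- "$1" | cut -c1-10
}

# What can users outside the owner and group ("other") do in directory $1?
other_access() {
    p=$(perms_of "$1")
    [ -n "$p" ] || return 1
    case "${p#???????}" in            # last three characters: the "other" triplet
        ?w[tT]) echo "world-writable (sticky)" ;;  # like /tmp: only own entries removable
        ?w?)    echo "world-writable" ;;           # may create, rename, delete entries
        --[xt]) echo "traverse-only" ;;            # may cd through by name, nothing else
        --[-T]) echo "none" ;;
        *)      echo "world-readable" ;;           # may list, but not write
    esac
}

# One line per directory: permissions, classification, path.
# Covers the root itself and the folders directly under it.
audit_webroot() {
    for d in "$1" "$1"/*/; do
        [ -d "$d" ] || continue
        printf '%s %s %s\n' "$(perms_of "$d")" "$(other_access "$d")" "${d%/}"
    done
}

# Constructed demo tree standing in for /var/www; needs no root or www-data group.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/www" "$tmp/www/henriks-folder"
    chmod 770 "$tmp/www/henriks-folder"        # as in the Fredrik variant above
    for m in 777 771; do
        chmod "$m" "$tmp/www"
        echo "--- web root at $m"
        audit_webroot "$tmp/www"
    done
    rm -rf "$tmp"
}
demo
```

On the real server, run `audit_webroot /var/www` as root; any line reporting world-writable is a folder that users other than its owner and group can modify.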
