
Apache & SFTP permissions on AWS EC2 Linux hosting

Using SSH, I’ve granted access to my SFTP client’s user “ec2-user” with the following command:

sudo chown -R ec2-user /var/www/html

However I also need to grant access to Apache which I can do with the following command:

sudo chown -R apache:apache /var/www/html

I assumed this would grant access to both, but this is not the case. How can I apply the command to both ec2-user & Apache at the same time?


Answer

When you executed the chown commands, you did the following: first you changed the owner of /var/www/html to ec2-user, and with the next command you changed the owner and owner group to apache. You can set only one owner:owner-group pair on a file or directory or whatever.

You have at least two ways to solve your task:

  1. usermod -a -G apache ec2-user – this will add user ec2-user to the apache group; after that, make sure that the permissions allow apache group members to manipulate files and directories as you need.
  2. Create a subdirectory in /var/www/html with the owner set to ec2-user and the group set to the main apache group, and make sure that Apache can access it. You can configure it as a VirtualHost to separate it from the original DocumentRoot.

Also, you have to set the ec2-user home directory to /var/www/html, because even if it has rights to access /var/www/html, it isn’t necessary that it can access /var or /var/www.

User contributions licensed under: CC BY-SA
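
The first option in the answer, carried through as an added example (not part of the original answer): it gives the tree one owner and one shared group, and then checks that nothing is world-writable. The helper names share_tree and audit_tree and the modes 2775/664 are choices made for this example; the setgid bit on directories is an added assumption so that files uploaded later keep the shared group.

```shell
#!/bin/sh
# Added example: one owner, one shared group, no world-writable bits.
# On the EC2 host (user and group names from the question), as root:
#   usermod -a -G apache ec2-user
#   share_tree /var/www/html ec2-user apache
#   audit_tree /var/www/html apache

# share_tree DIR OWNER GROUP: pass "" as OWNER to leave the owner unchanged.
share_tree() {
    dir=$1 owner=$2 group=$3
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dir" || return 1
    fi
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwx for owner and group, r-x for others, plus setgid
    # so files created later inherit GROUP instead of the creator's group.
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    # Files: rw for owner and group, read-only for others.
    find "$dir" -type f -exec chmod 664 {} + || return 1
}

# audit_tree DIR GROUP: prints offending paths and returns 1 if any exist.
# Flags: wrong group, missing group-write, world-writable, dir without setgid.
audit_tree() {
    dir=$1 group=$2
    bad=$(
        find "$dir" \( -type d -o -type f \) \
            \( ! -group "$group" -o ! -perm -020 -o -perm -002 \) -print
        find "$dir" -type d ! -perm -2000 -print
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

The SFTP session has to be reopened after usermod before the new group membership takes effect.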