In WordPress and other applications, we usually face ownership issues. Developers need their user to deploy code on server and make certain changes in files. If we give User Ownership to DEV user, this makes www-data user useless specially when WordPress tries to install or delete a Plugin or Theme, it does not work and typically show FTP user details page for changes to work.
To provide FTP user a password we need to write its credentials in a php file. This is a security threat and not a good practice to keep credentials in a file.
Now we need to provide www-data ownership recursively to all files and assign Group permissions to DEV user recursively. In this scenario the issue is that whenever Developer uploads new file or deletes previous files the User permissions are converted to DEV user instead of www-data. This again disables Wordprss to install or delete Plugin or Theme.
To counter all above issues we need to use an Apache plugin which asks Apache to run with our desired user instead of www-data. This is done on Virtual Hosts level. In each Vhost we can define our desired user with which we want to run the relevant website.
In case we do not want to run any vhost with different user and want to run it with default www-data user, we just do not need to make any changes and keep vhost as default.
The most commonly recommended option for this purpose is MPM-ITK (a quick hack would be to add yourself to the www-data group using “sudo usermod -a -G www-data USERNAME”)
sudo apt-get install apache2-mpm-itk
sudo a2enmod mpm_itk
Modify the virtual host config file in /etc/apache2/sites-available
AssignUserID USERNAME GROUPNAME
CustomLog /combined/log/path/logs/access.log combined
If you doing this on a machine that already had a default install where MPM-PREFORK is enabled you have to disable
sudo a2dismod mpm_prefork
sudo a2enmod mpm_itk
Now bedore restarting or reloading Apache, we need to test our changes syntax by running:
If syntax text shows OK then we can restart or reload apache