# Best practice for handling www root folder?



## juan (Jan 5, 2014)

Can i get an insight on what are the best practice for a secured public_html?

Currently I'm uploading a joomla website on a vps and these is what i planned to do:


make a non-ssh user, 'user1'
invite user1 to www-data group
put the public_html on user1's home
chown -R user1:ww-data /path/to/public_html
This has been what I've been doing since, but i'm still not sure if it's safe. Thanks!


----------



## Melon (Jan 6, 2014)

I really don't know. I don't recommend this method, but this is what I do:


adduser non-root-user www-data
chmod 2775 /var/www
chown root:www-data /var/www
# Set HTTPd to use umask 0002
# Only work in /var/www with umask 0002 at non-root-user
Not the way to do it, but I don't know much about this stuff! Would also like some input from someone with more experience!


----------



## WebSearchingPro (Jan 6, 2014)

I would like to point out this is Debian/Ubuntu. Just in-case anyone stumbles upon this.


----------

