I just set up my first instance of AWS EC2 server and I'm running into an issue with permissions on a script uploading pictures. 'var/www' (and all subdirectories) owner is 'ec2-user', however the Apache server is running as 'apache'. Therefore all directories created dynamically by the PHP script (using mkdir) have 'apache' as the owner (which it seems doesn't have write permissions). I could certainly change the Apache user to 'ec2-user', but I'm worried that might be a security risk. What's the correct way of doing this? Thanks for your help.
This is a pure Linux permission problem, not an AWS problem. I just created an Amazon Linux instance and verified permissions in /var:
[ec2-user@ip-1-1-1-174 ~]$ ls -ald /var/www
drwxr-xr-x 7 root root 4096 Oct 22 23:34 /var/www
As you see, ownership is root and not ec2-user. You should understand first what / why you see permission on /var/www/ to ec2-user.
Should you need to change the owner of that directory again, you can type:
chown -R root:root /var/www
It is not a best practice to let your web server (httpd) write to /var/www nor to run that process with elevated privileges (such as root).
Should your app really write to the local storage, use a different volume, mounted in a separate directory, where no executables are available.
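
The layout recommended above can be checked with a small audit script. This is an added example, not part of the original answer: `/srv/uploads`, the function names and the mount table are assumptions made for illustration, and "no executables" is read here as the `noexec` mount option.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumed names: /srv/uploads
# as the upload volume; the mount table below is constructed sample data.

# Constructed /proc/mounts-style table: root filesystem plus an upload volume.
sample_mounts() {
    cat <<'EOF'
/dev/xvda1 / xfs rw,relatime 0 0
/dev/xvdf /srv/uploads ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Print the mount options of the filesystem holding path $1. $2 is a
# /proc/mounts-format file ("-" for stdin); the longest mount point wins.
mount_opts_for() {
    awk -v p="$1" '
        ($2 == "/" || p == $2 || index(p, $2 "/") == 1) && length($2) >= best {
            best = length($2); opts = $4 }
        END { print opts }' "$2"
}

# Succeed only if the filesystem holding $1 is mounted noexec.
upload_mount_ok() {
    case ",$(mount_opts_for "$1" "${2:-/proc/mounts}")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# List entries under web root $1 that the web server account $2 owns, or that
# are world-writable: either way the httpd process could modify them.
web_writable() {
    find "$1" \( -user "$2" -o -perm -0002 \) ! -type l
}

# Demo on the constructed table.
if sample_mounts | upload_mount_ok /srv/uploads/img.jpg -; then
    echo "OK: upload volume is noexec"
fi
if ! sample_mounts | upload_mount_ok /var/www/html -; then
    echo "NOTE: /var/www is on an exec-capable filesystem (expected for code)"
fi
# On a real host: web_writable /var/www apache; upload_mount_ok /srv/uploads
```

On a real instance, an empty result from `web_writable /var/www apache` means the web root is not writable by the httpd account, and `upload_mount_ok` reads `/proc/mounts` when no second argument is given.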