SSH users should be able to write in the /var/www/clientX/webX/ folder to enable deployments etc.
Hello We offer our ssh config to professional clients. These clients use deployment scripts so they can deploy new versions of their applications and easily revert to an old applications if needed.
What I noticed is that the /var/www/clientX/webX/ folder has root:root permissions. This feels wrong and unnatural to me since it's the SSH users home folder. The problem is also that deploy scripts won't work because they have to be able to deploy to a private location AND symlink the web folder.
Because of the permissions you can't edit the web folder and you are forced to deploy in the provate folder.
I know you do this most likely because of security but I fail to see how making the /var/www/clientX/webX/ folder permission webX:clientX would compromise security.
Also all folders like SSL and log should be webX:clientX. People should be able to modify them when they want.