Why use www-data user?

Application processes in root360 environments are run as the Unix-user www-data. Likewise, all application files (such as the files in your apache or nginx document roots) are owned by www-data.

To run a command as this user, use

sudo -u www-data command

As an example: to list the currently installed cronjobs on an application instance, you can use

sudo -u www-data crontab -l

Here is a more interesting example, an rsync command that copies data from <local-source-path> to /mnt/nfs/<destination-path> on a root360 natgw so that the resulting files are owned by www-data instead of your project user <project-user>:

rsync -rv --rsync-path 'sudo -n -u www-data rsync' <local-source-path> <project-user>@<natgw-ip-destination>:/mnt/nfs/<destination-path>

The next command copies from a local instance to an instance behind a root360 natgw, which is useful to copy data owned by www-data between application instances of your prod and test/stage environments. Take care to use ssh -A to connect to the source instance so that it can access your private key which it needs to connect to the other natgw:

$ rsync -rv --rsync-path 'sudo -n -u www-data rsync' -e 'ssh -J <remote-project-user>@<remote-bastion-host-ip>' <local-source-path> <remote-project-user>@<remote-application-instance-ip>:<destination-path>

$home of www-data

www-data does not have its own home directory. When you call commands with sudo -u www-data, you inherit $HOME from the calling user. In some cases you may want to manually set $HOME:

1 2 project-user $ HOME=/tmp/home; sudo -u www-data echo $HOME /tmp/home

intermediate