Hello.

I have a local development web server in which the file properties are set to wwww-data:www-data for the server to work and everything works fine.

However, when doing administrative work using Nautilus file manager, it is very frustrating to go into directories that have image files in which I need to tweak them, and having no access to file (see attached images with permissions).

What kind of permissions/ownership must I use so that 1) the server is safe from hacks when migrated to a public server and 2) that allow me as a logged in user (not root) to view the images (and thus alter them through image editing software)?

should I become a part of the www-data group?

The directories are 755 and the files are 644.

Thank you.

Attached Thumbnails

   

I noticed that in the directories with the inaccessible image files, that the file permissions were 660 not 644. I changed to 644 and now I can edit them.

I also added my personal user to the www-data group.

Please advise if the above is safe.

Thank you.

I guess you mean 664, so your user's www-data group has write permissions on these files.
I'd suggest you to revert back permissions to 644 and change the ownership of these files to your user. Of course that means that you're not going to edit these files via the webserver.

Regards

Which means that for both directories as well as files the GROUP doesn't have write permission (both are readonly for others than the owner).
Becoming part of the group thus won't give you any extra rights.

What the other reply (#5) suggested: make everything OWNER your user and GROUP www-data and leave the permissions as above.
Then YOU (as owner) are the only one who can change them and the webserver only has READ permission and thus cannot change things, which actually is more secure.
If you got an upload capability, let those go to a single directory which is still owned by www-data, so that (only) there the webserver can store files.