The way I normally setup Debian systems is as follows:
1) As root, create a new group called 'www' then place yourself within that group, logout and back in for it to take effect.
sudo groupadd www sudo gpasswd -awww logout
2) Make the entire /var/www directory structure be owned by 'www-data' and the 'www' group. Give users belonging to the 'www' group write permissions, then set the sticky bit on the group for this directory structure so that any new directories created will take on these same permissions.
sudo chown -R www-data:www /var/www sudo find /var/www -type f -exec chmod 664 {} \; sudo find /var/www -type d -exec chmod 775 {} \; sudo find /var/www -type d -exec chmod g+s {} \;
That should now give you sufficient permissions to create directories and files within /var/www manually (ie: Via a terminal). If you want these directories to be writtable by the server process you will however need to chown them to www-data:www. Any new directories created by the Apache process will automatically be owned by www-data:www.
3) Allow users within the 'www' group to change directories they own within /var/www to be owned by 'www-data:www'.
sudo sudoedit /etc/sudoers
Then add the following line.....
%www ALL = NOPASSWD: /bin/chown www-data /var/www/*, /bin/chown -R www-data /var/www/*
This means users within the 'www' group can now execute....
sudo chown www-data /var/www/<directoryname>
on directories they own, making them writtable via the Apache process.
That's basically it. Allot of people like to simply join the www-data group and set the sticky bit on /var/www but you generally don't want all directories to be writtable by the Apache process.
--------------------
Sumber : http://forums.phpfreaks.com/topic/186274-debian-varwww-file-permissions/