The /var/www folder needs to be readable by the www-data system account. Try this :

(1) Allow Apache access to the folders and the files.

This recursively sets the ‘group’ to be www-data for the folders and files. This then gives the web server permission to recurse and get access to the site document root directories structure (+x for directories only). It then also ensures the web server has read permissions for all files, so site data can be received. There may be some cases where you have to give the web server write permission to a file, or to a directory – this can be achieved by doing sudo chmod g+w /var/www/html/PATH (where PATH is the path to the file or folder in the directory structure where you need to apply the write permissions for the web server). NOTICE: There are a lot of cases where this may expose ‘secure’ information about a site configuration (such as database access credentials, etc.), and you should remove ‘other’ access permissions to that data on those individual files or directories with the following: sudo chmod o-rwx /var/www/html/FILEPATH (replacing FILEPATH with the path relative to the /var/www/html folder for the file). Note also that you may have to re-run these commands in the future if ‘new files’ get 403 issues, in order to give correct permissions to the web server to keep being able to access files and folders that are created or copied in and aren’t getting the www-data group set correctly.

(2) Give your owner read/write privileges to the folders and the files, and permit folder access to traverse the directory structure.

Replace USER in the first command with your own username! We do three things here. First, we set your user to be the “Owner” of all the files and directories in /var/www/html. Next, we set read and write permissions on the folders, and permit you to access the folders to go into them (the +x item on the directory items). We then set all the files to have read/write permissions for the owner, which we just set.

(3) (Optional) Make sure every new file after this is created with www-data as the ‘access’ user.

This sets the “set gid” bit for the group on the directories. Files and folders created inside these directories will always have www-data as the group, permitting the web server access.

(4) (Optional) Final security cleanup, if you don’t want other users to be able to see the data

We need your user to see the directories and files. We need the web-server to do so too. We may not want other system users (except root) to see the data. So lets not give them that access, and make it so only your user and the web server can see the data.

NOTE: You will not have to re-run this at a later time, or edit the permissions for the ‘other’ category of permissions here. If the ‘other’ users can’t get to /var/www/html/ (they don’t have the necessary +x bit on /var/www/html to traverse the filestructure and directory structure, nor the +r bit to read the file lists), then the permissions on items underneath that directory for other users or groups isn’t really going to matter too much.