gsowrey
By:
gsowrey

Apache permissions with WordPress on CentOS 7

December 29, 2015 4.1k views
WordPress Apache

I've set up dozens of CentOS servers before, so this one is baffling me to say the least...

I've got a "nothing fancy" LAMP stack running on a CentOS 7 droplet. I've got a VirtualDirectory configuration running a WordPress site that I've run on other hosts for many years, and it's never given me a problem before. I've transferred it here, and have tried to install a plugin through the UI.

I get the "FTP login" screen (which I've never seen before). I've tried using chmod -R g+w on the wp-content folder (which I've never had to do before), I've set define('FS_METHOD', 'direct'); as well. I've tried setting the apache user SSH keys. None of them solve my problem.

I thus must assume that I've got an Apache and/or a UNIX user config issue. But I can't seem to find it.

Any pointers and/or hints would be greatly appreciated!

Cheers,
Geoff

1 Answer

Hi Geoff,

The permissions you need will depend on which user Apache is running as. I found this article from Smashing Magazine, a while back, which does a great job at explaining exactly which permissions WordPress needs in order to run properly. I recommend it a lot in Support tickets, as well as to my friends who are seeing that dreaded FTP upload screen. Hopefully it helps you out!

The main takeaway from it is, on a VPS like your Droplet:

www-data (or whichever group the webserver is running as) should have group permissions for all of the WordPress files.

All files should be 664
All directories should be 775
wp-config.php should be set to 660, so "other" users cannot see sensitive information in that file.

Of course, this is only for a private environment like your Droplet. If you're using the droplet to host multiple users, you'll need a slightly different setup (also detailed in the article I linked above).

I hope that helps. Please let me know if you need any further help with this. :)

Best,
Eris
Platform Support Specialist

  • Hi Eris,

    In principle, I agree with you, but I have the difficulty of understanding why I'd need different permissions than with other hosts I've used. This should be something I should be able to configure through Apache and/or UNIX user perms, no?

    (Side note: I made "apache" own everything, with a common group, which does solve my current problem. This still perplexes me, though.)

    Cheers,
    Geoff

    • Hey Geoff,

      You shouldn't need different permissions than with other hosts you've used. A Linux system is a Linux system. But it also depends on those hosts' configurations. If you were using a shared host, it's going to be different.

      For instance, with mod_privileges you can have each VirtualHost run as a specific user. On a previous host, your Apache process may have been running as the same user you log in as, so it'd have owner permissions.

      On most machines, Apache runs as www-data:www-data, but the files will be owned by whichever user you upload the files as. If you want to continue to be able to edit those files without chowning them each time, they can continue to be owned by you, but you'd need to grant group permissions to, for instance, Apache, and make sure the files are group-writable.

      Best,
      Eris
      Platform Support Specialist

Have another answer? Share your knowledge.