Group / Owner And Updating Wordpress Plugins

December 6, 2014 4.2k views

I'm having trouble getting a specific plugin (All In One Event Calender, by Time.ly) to update (all others work fine), and I think the difference is that this plugin requires the ability to write, as it has a cache directory.

I followed a tutorial when I first set up my VPS that had me create a wp-user account, which operates everything in my Wordpress installation. It's how wordpress updates via ssh, and that seems to work fine. However, my server uses the account www-data to write / execute php (that's my understanding at least), I tried setting www-data as the group / owner for the plugin directory (and just the cache directory in a separate test), and I can't get it to update. I can get it to install (requires the group / owner is www-data), but not update.

What combination of group / owner do I need to get a plugin that needs to write to a cache directory to be able to perform automatic updates (done by the user wp-user)?

5 Answers

the plugins are ran by Wordpress, which is ran by Apache or Nginx, which is ran by the user www-data

so if you set your Wordpress installation to 774 permissions like so:

sudo chmod -R 774 /var/www/yourwordpressfolder

and then set the owner and group as www-data:

sudo chown -R www-data:www-data /var/www/yourwordpress

that should do the trick. When you use SSH to upload files, or install plugins, those files are set as owned by the user you are logged in with SSH.. so that could be what was causing the issue.

the rule-of-thumb with network security: only give permissions that are needed.

in other words, err on the side of not enough permissions rather than the other way around.

your WordPress user is something different than the linux user (www-data)

www-data user AND group so that you can set your user you use for SSH to be a member of www-data group.

  • I definitely get the logic behind it, I just overloaded myself with information switching from Shared Hosting to a VPS here (love it, just a lot to take in).

    The last part you mentioned, setting wp-user to be a member of the www-data group, I think that's where I've failed thus far. I didn't really give any thought to the literal definition of "group" and "owner", I just saw them as two settings - obviously a "group" can be (and generally is) more than one. How do I make wp-user be a member of the www-data group?

  • You can add a user to a group by running the following command:

    sudo usermod -a -G group user

    To remove a user from a group:

    sudo gpasswd -d user group
  • I changed the plugin folder to www-data:www-data for owner / group, added the wp-user to the group, and that still failed. I then realized that in deleting the plugin (while updating), I probably needed to make the actual plugin directory use www-data as well. I decided to just www-data:www-data the entire Wordpress installation to test this, and it worked perfectly. That confirms I was right about why this particular plugin couldn't be activated AND update under my current settings.

    That being said, everything is in working order now, and I have a better understanding of how it works. I don't think there are any issues with the owner / group being www-data for everything in my Wordpress installation (permissions are correct), but correct me if I'm wrong, and should only apply www-data to the plugins folder, etc etc.

    Thanks again for your help, much appreciated!

  • Glad you have it working.

    One thing to keep in mind:

    lets say you want a certain plugin that you have downloaded, so you login via sFTP and upload the plugin.
    Well, whatever user you are logging in with via sFTP will now be the owner of that plugin you added. So you may need to run:
    sudo chown -R www-data:www-data /var/www/yourwordpress/wp-content/yourpluginyoujustuploaded

    otherwise that plugin might have issues or not enough permissions.

    If you use the WordPress interface to add plugins, you will not have that problem because WordPress is running under www-data already, so any files/folders it adds will be owned by www-data:www-data

  • Interesting, and good to know. I'll double check what happens next time I add one the way I have been (through Wordpress, SFTP via the wp-user account I made). Either way, simple enough, double check plugins to ensure they share the desired settings once added - thanks :)

I did a bit more reading, and it seems like your response is either dead on, or on the right track. Two questions:

Why 774 instead of 775? Everything I'm seeing that's similar is 775.

Secondly, should I be setting group AND owner to www-data, or just one or the other? If both are www-data, what's the point of the wp-user account?

One last issue related to this. While I can now update plugins, and they work great, I can no longer SFTP through Filezilla to those directories with owner / group of www-data. As is, I have to change the group and owner, upload the file, then change it back, which is far from optimal. The particular file I'm trying to edit is contained within a plugin (needs to be altered to turn debugging on).

Have another answer? Share your knowledge.