Permission problem for a user

October 26, 2014 3.5k views


When i run this commands

sudo chown -R www-data:www-data /var/www

and then this one:

sudo chmod -R 775 /var/www

My user tokar86a dont have access to upload files any more in the www folder. How can i give him that access? whiteout changing the folder permission i have set above. I need to have that so wordpress works.

4 Answers

So the problem is that www-data needs to have write permission to some of the files and folders you upload. It would be good to know which files WordPress requires write permission to and only give it to those files.

There is a less secure solution which involves giving write permission to only your user and www-data.

First lets take care of the initial permissions.

sudo chown -R tokar86a:www-data /var/www

Give setgid to /var/www so every file created in it will inherit it's group ID.

sudo chmod g+s /var/www

Now make sure that uploaded files will get rw- rw- --- permissions. Open sshd_config.

sudo nano +77 /etc/ssh/sshd_config

Find the line Subsystem sftp /usr/lib/openssh/sftp-server and append -u 017 to it.

Subsystem sftp /usr/lib/openssh/sftp-server -u 017

Save the file and reload SSH to activate the modification.

sudo reload ssh

Reconnect to SFTP and the problem should be solved. Uploaded files should be owned by your user. The group should be www-data and the permission should be rw- rw- ---.

If you want to retain read permission to world you can use 013 instead of 017.

By adding both users to the same group and chowning it to that group.

  • now i get this error: /var/www/ open for write: permission denied

One possible solution is that to change the group to your user's group. That way www-data and tokar86a will both have write permission.

sudo chown -R www-data:tokar86a /var/www

What is happening here is that the files you upload through FTP are owned by the user you used to upload with and they probably have rwx --- --- permissions so www-data can't do anything with them.

I assume you use VSFTPD as the FTP server. In which case you can find a setting called local_umask in vsftpd.conf which probably equal with 077. That is the permission of the uploaded files.

You could change local_umask to 022 which would make the uploaded files have rwx r-x r-x and www-data would be able to read all the files.

Don't forget to restart the FTP server after changing it's configuration.

sudo service vsftpd restart

In a production environment I would not recommend setting local_umask in a way that gives write permissions automatically. I would give write permissions specifically by hand to the required directories and users.

If you are developing something and not deploying to a production environment you can set local_umask to 000 to speed up the process, but only do this if you doing it on a private development environment!

Have another answer? Share your knowledge.