Question

Permission problem for a user

  • Posted on October 26, 2014
  • tokar93Asked by tokar93

Hi

When i run this commands

sudo chown -R www-data:www-data /var/www

and then this one:

sudo chmod -R 775 /var/www

My user tokar86a dont have access to upload files any more in the www folder. How can i give him that access? whiteout changing the folder permission i have set above. I need to have that so wordpress works.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

So the problem is that www-data needs to have write permission to some of the files and folders you upload. It would be good to know which files WordPress requires write permission to and only give it to those files.

There is a less secure solution which involves giving write permission to only your user and www-data.

First lets take care of the initial permissions.

sudo chown -R tokar86a:www-data /var/www

Give setgid to /var/www so every file created in it will inherit it’s group ID.

sudo chmod g+s /var/www

Now make sure that uploaded files will get rw- rw- --- permissions. Open sshd_config.

sudo nano +77 /etc/ssh/sshd_config

Find the line Subsystem sftp /usr/lib/openssh/sftp-server and append -u 017 to it.

Subsystem sftp /usr/lib/openssh/sftp-server -u 017

Save the file and reload SSH to activate the modification.

sudo reload ssh

Reconnect to SFTP and the problem should be solved. Uploaded files should be owned by your user. The group should be www-data and the permission should be rw- rw- ---.

If you want to retain read permission to world you can use 013 instead of 017.

What is happening here is that the files you upload through FTP are owned by the user you used to upload with and they probably have rwx --- --- permissions so www-data can’t do anything with them.

I assume you use VSFTPD as the FTP server. In which case you can find a setting called local_umask in vsftpd.conf which probably equal with 077. That is the permission of the uploaded files.

You could change local_umask to 022 which would make the uploaded files have rwx r-x r-x and www-data would be able to read all the files.

Don’t forget to restart the FTP server after changing it’s configuration.

sudo service vsftpd restart

In a production environment I would not recommend setting local_umask in a way that gives write permissions automatically. I would give write permissions specifically by hand to the required directories and users.

If you are developing something and not deploying to a production environment you can set local_umask to 000 to speed up the process, but only do this if you doing it on a private development environment!

One possible solution is that to change the group to your user’s group. That way www-data and tokar86a will both have write permission.

sudo chown -R www-data:tokar86a /var/www