Recommended Ownership on WordPress, Varnish, Nginx, MySQL Stack

I have a new droplet that will be running multiple client sites. I set up the server to use Varnish, Nginx and MySQL on the latest version of Ubuntu and server blocks in Nginx.

While I have got it all working I’m not sure of the best way to handle ownership of folders.

For instance, following best security practices I created a new user with sudo powers and disabled the root login. I also added an SSH key to that new user (as well as Authy 2-factor authentication) and disabled password authentication.

So now I log in to that new user and then run sudo su to run commands as root.

Say I have a few sites such as

/var/www/ /var/www/ /var/www/

Now I can create a separate user for each of those and assign that user/group to each of those site folders which allows me to edit those files through SFTP but then in WordPress I would run into issues where the webserver isn’t running as www-data and thus won’t be able to natively install plugins and such.

I can set each of those to run as www-data:www-data which would avoid the WordPress issues but then I would be unable to easily edit files through SFTP (Transmit). While in general most changes would be through Git/Capistrano, I would want a way to edit on the fly through SFTP as well.

Does anyone have recommendations on the best way to resolve this so that each WordPress site is running as nginx which is www-data but also each site has their own ssh user so I can edit files through Transmit/SFTP program? Also want to make sure each of those SFTP users can only access their site and no others.

Also I will want a single GIT user that will be able to deploy to all those sites as well as a single backup user that will be able to backup all the sites.

Wouldn’t need step by step instructions, rather looking more for the general theory on how to handle this user/group permissions wise. Thanks!


I’ve been having this problem for the last day since I set up my droplet. Similar to the OP, I have nginx running Ubuntu. I have a user with sudo power “jim”. This user owns all the files and folders within the html directory that comprise the WordPress installation.

I’ve added this user to the www-data group, as well as the reverse, so that:

jim@noise:/var/www/$ id jim
uid=1000(jim) gid=1001(jim) groups=1001(jim),33(www-data)
jim@noise:/var/www/$ id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data),1001(jim)

Still when trying to upload media or plugins from my computer I will get the error that The uploaded file could not be moved to wp-content/uploads.

The only way I can get uploads to work is by changing the ownership of the files and folders to jim:www-data, but as the OP noted this creates a permissions issue when trying to do anything via FTP.

From reading various threads this seems to be a recurring issue.

My bad, the command should be chmod, not chown. Glad I could help!

Just to add the above gave an error that user g+w doesn’t exist.

But this works:

sudo chmod -R g+w /path/to/site1
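A read-only check for the situation in this thread, where the site user and www-data share a group but uploads fail until the group write bit is set. This is an added example, not code from any poster; the function name audit_site_perms is an assumption, and the WORLD check is an extra that the thread itself does not discuss.

```shell
#!/bin/sh
# Added example: audit a site tree before and after running chmod -R g+w.
# audit_site_perms is a hypothetical helper name; the caller supplies the
# site directory and the group the web server runs as (www-data in the thread).

# audit_site_perms DIR GROUP
# Prints one line per entry under DIR, tagged with the reason:
#   GROUP    entry does not belong to group GROUP
#   NOWRITE  group write bit is missing, so group members cannot modify it
#   WORLD    entry is writable by every local user
# Symlinks are skipped because their mode bits are not meaningful.
# Returns 0 when nothing is reported, 1 otherwise.
audit_site_perms() {
    dir=$1
    group=$2
    report=$(
        find "$dir" ! -type l ! -group "$group" | sed 's/^/GROUP   /'
        find "$dir" ! -type l ! -perm -020      | sed 's/^/NOWRITE /'
        find "$dir" ! -type l -perm -002        | sed 's/^/WORLD   /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/site1 www-data
if [ "$#" -eq 2 ]; then
    audit_site_perms "$1" "$2"
fi
```

NOWRITE lines are the entries where membership in the group alone is not enough for WordPress to write, which matches the upload error described above.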