Trying to set proper WP file and directory permissions with little luck...

March 6, 2015 4.5k views
WordPress Nginx Ubuntu

I have been having issues with Backupbuddy saying that it does not have the proper permissions to create directories and files.

I have looked everywhere for the proper file permissions for WP (I have an ubuntu +nginx + WP droplet) but cannot seem to find the proper permissions.

The last time I changed permissions, all I got going to the site was a white screen. No errors - just a white screen. Had to restore from backup.

Guessing at this seems to be quite dangerous. How do I set the proper file and directory permissions for WP that allows wp-config.php to be written during the 5 minute install (without me having to cut the wp-config code out, log into the server via FTP, create wp-config.php, paste in the code and save the file), and allows plugins like Backupbuddy to have the permissions they need in the uploads directory?

1 comment
  • I know that I could use Filezilla to try and set these file permissions (trying that now, in fact), but I want to know how to properly do this from the command line so that I can (eventually) script the setup of my servers.


3 Answers

It's not really dangerous, as you can correct things fairly easily from the command line.

Short answer:
when you are installing Wordpress, you are probably logged in as a certain user. We will say "robin"

you upload all those Wordpress files, and so robin is the owner of everything. Well, your webserver is most likely running as a user called www-data, and needs ownership to be able to read/write things properly.

so after you finish uploading everything (and before running the install), you should give ownership to www-data. You can do this from a command-line like so:

sudo chown -R www-data:www-data /var/www

which says: give www-data ownership of all files in /var/www

Now Wordpress should be able to run fine...but what if you want to edit some files? Gosh! You are not the owner.

The answer is that you can add yourself as to the www-data group, like so:

sudo usermod -aG www-data robin

which says "make robin a member of www-data group.
Great! but one more step: you need to make sure those files can be edited by group-members:

sudo chmod -R 774 /var/www

Okay. You should be good to go, unless later on you create new files, and then you need to run (again)

sudo chown -R 774 /var/www

There is a way that you can avoid all of this completely, (and I have recently adopted this method with great results:

By using this method, I have a folder in my users home directory called www
Anything I add to that directory automatically has the correct permissions for everyone I want to have access! Might be advanced, but is a worth having a look.

  • An addendum to the answer above: If after these changes you run into permission problems with new files—in which any new file receives permissions other than the intended—look up something called umask (universal mask). Depending on what you're using there might be a place in the .conf file to set this, otherwise I believe you'll have to set it for the user experiencing the problems.

    Example: I ran into this with my ftp. Solved it by setting the local_umask and file_open_mode parameters in its .conf.

  • No really understanding the "Okay. You should be good to go, unless later on you create new files, and then you need to run (again)" part.

    This gives permission back to www-data....

    sudo chown -R www-data:www-data /var/www

    Then, this puts me in the www-data group...

    sudo usermod -aG www-data robin

    And this makes sure that members of the www-data group can edit the files....

    sudo chmod -R 774 /var/www

    Then if I (as a member of www-data) add files to a directory owned by www-data, and www-data members can edit files in that directory, why can't other members of www-data edit those files that I just put in the directory that they are allowed to edit?

    Is there a simple way to give the ANY member of www-data the ability to edit ANYTHING in the selected directory?

This is one of those times when I am forced to ask just why people use Linux. Even the simple stuff isn't.

I hear your frustration. It took me a while to wrap my head around permissions.

In this case, here is what happens:

your user creates files as youruser:youruser rather than youruser:www-data

there is actually a good reason for that, which is that you do not want your web-server (www-data) to have access to your user files. If that happened, and your website was hacked, then the hacker could have access to your user account, and from there gain access to your computer.

The problem pops up when you want to create new files for your website, and then end up with www-data not having access.

There are different solutions, but the one I have found that works for me is listed in my answer above:

I use that technique to create a folder in called www in my users folder, then mount my web directory in that folder using that method..

The result is I can create files in the www folder. I see them as having permissions for me, but in the actual web folder the permissions show up as www-data:www-data

I can do that for as many users as I need, and each user can create files that all end up being owned by www-data:www-data

Have another answer? Share your knowledge.