Related

Tool NGINX Config Generator Tool
Wordpress wp-login.php and other admin files are getting downloaded instead of opening. How to solve this? Question Question
Why are snapshots so slow Question Question

Question

Why doesn't chown -R root:www-data work on my Wordpress installation?

Posted July 29, 2015 101.9k views
NginxUbuntuWordPressSecurity

Quite some time ago, I was following this tutorial which showed me how to install Wordpress on an NGINX + Ubuntu (LEMP) setup:

https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-nginx-on-ubuntu-14-04

I got stuck on this portion for quite some time back then as I used root as the user for this instruction snippet below:

The group that nginx operates under is www-data. For the user portion, enter your user account name. We will demonstrate with an account called demo here:

sudo chown -R demo:www-data /var/www/html/*

To clarify, it didn’t give me any errors or anything, but what I found out was that if I used root:www-data for my file ownership settings, I wouldn’t be able to add / update plugins / edit code on the site. It would always prompt me for FTP / SFTP details, in which it would fail even if i entered the correct credentials due to the permissions being drwxr-xr-x (Owner has write permission).

So i tried this:

sudo chown -R www-data:www-data /var/www/html/*

and it worked – I was able to write / update plugins freely as the Wordpress site admin.

However, I now have a roughly better understanding of how ownership and groups work, and I’m concerned that by doing chown -R www-data:www-data, I opened a security flaw on my own.

Am I doing it right? Why didn’t root:www-data work for being able to update the site in the first place?

Add a comment
nyubbie
By:
nyubbie
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
6 answers
sugarhill July 29, 2015

I researched the same problem and I found the solution.
The trick is to add your user “demo” to the group www-data (since www-data is a group)

add user “demo” to group “www-data” (below replace demo with your username)

sudo usermod -a -G www-data demo

set permissions for user group www-data

sudo chgrp -R www-data /var/www/html

followed by

sudo chmod -R g+w /var/www/html

Now you can modify files as “demo” via SFTP and your wordpress installation can modify files without requesting credentials

Reply Report
ryanpq July 29, 2015

Since the nginx process is running as www-data the root:www-data ownership would only work with group write permissions set. There is no major issue with running with your web files owned by www-data:www-data but if you are concerned you could give ownership of wp-content to www-data and leave the rest of the install as root:www-data.

Reply Report
sergiozac05 October 25, 2016

this solved my issue, worked perfect!

Reply Report
joefoe December 29, 2017

Thank you sugarhill! Such an important thing … surprised we had to dig for it

Reply Report
trinad536 April 12, 2018

Thank you so much, Worked like a charm.

Reply Report
skaryan February 27, 2019

This solution worked indeed - Thanks a lot sugarhill
BUT unfortunately, the file permissions changed from 755 to 775… and a warning message is appearing now in the wp-admin interface, stating -
———->>
var/www/html/wp-content is write-able. When finished installing the plugin, change the permissions back to the default: chmod 755 /var/www/html/wp-content. Permissions are currently 775.
———->>
If I change the file permission, then it again shows the same issue. Any suggestion? Thanks for your support.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help