A general linux file permissions question: Apache and WordPress
What should I do to make them readable and writable by both kovshenin and apache?
- Create a new group, say "wordpress".
- Add both kovshenin and www-data users to the wordpress group.
- Change the group owner of all the files to wordpress (using chgrp).
- Make sure all the files are group writeable.
- Set the g+s (setgid) permission bit on all the directories of interest.
- Make sure kovshenin and apache's default umask includes group read & write permission.
The second last step is the trick. It means that whenever kovshenin or apache creates a file in those directories, the group owner will be set to wordpress (instead of kovshenin or apache).
Correct file permissions for WordPress
When you set up WP you (the webserver) may need write access to the files. So the access rights may need to be loose.
chown -R www-data:www-data . # Let Apache be owner (. also covers dotfiles such as .htaccess, which * skips)
find . -type d -exec chmod 755 {} \; # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} \; # Change file permissions rw-r--r--
After the setup you should tighten the access rights. According to Hardening WordPress, all files except for wp-content should be writable by your user account only. wp-content must be writable by www-data too.
chown -R <username>:<username> . # Let your user account be owner (. also covers dotfiles, which * skips)
chown www-data:www-data wp-content # Let apache be owner of wp-content
Maybe you want to change the contents in wp-content later on. In this case you could
- temporarily change to the user www-data with su,
- give wp-content group write access 775 and join the group www-data, or
- give your user the access rights to the folder using ACLs.
Whatever you do, make sure the files have rw permissions for www-data.
Why do apache owned files get created by wordpress?
When you upload files via the WordPress admin page (like themes), the httpd process running as the apache user is actually creating them on your system, which is why they are owned by the apache user. I suggest these options to work around this:
- Add yourself and apache to a new group called 'wordpress'
- Use chown to change group ownership of your wordpress to the new group
- Use chmod to set the sgid permission bit and the group write permission on all directories in the wordpress docroot.
The setting of the sgid bit will make all files added to a directory be the same group owner.
Assuming you've added yourself and apache to the same group, here are the Linux commands to set up the directories to ensure files get created writable to all in the wordpress group:
chown -R :wordpress /path/to/wordpress/docroot/
chmod -R g+w /path/to/wordpress/docroot/
find /path/to/wordpress/docroot/ -type d -exec chmod g+s {} + # Set setgid on every directory; -exec passes each path intact, whatever characters it contains
Additional thing that may be needed:
If you see apache creating files with group permissions without write, you may need to change the default umask for the apache user for creation of new files. By default it should be owner and group write allowed, but I know some accounts (like root user) have the default umask set to be group read only.
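A check for the layout the answers above describe (shared group, setgid directories, group-writable files, umask), as an added example that is not part of any of the original answers. The function names audit_wp_perms and make_sample_tree and the sample tree are constructed for illustration; "wordpress" is the group name used on this page.

```shell
#!/bin/sh
# Added example: audit a docroot against the shared-group layout above.
# audit_wp_perms and make_sample_tree are hypothetical helper names.

# Usage: audit_wp_perms <docroot> <group>
# Prints one finding per line; prints nothing when the tree is compliant.
audit_wp_perms() {
    root=$1
    group=$2
    # Entries outside the shared group do not get the group's access.
    find "$root" ! -group "$group" -exec printf 'WRONG_GROUP %s\n' {} \;
    # Directories need setgid (new files inherit the group) and g+w.
    find "$root" -type d ! -perm -2000 -exec printf 'NO_SETGID %s\n' {} \;
    find "$root" -type d ! -perm -0020 -exec printf 'DIR_NOT_GROUP_WRITABLE %s\n' {} \;
    # Files need group read and write; a umask of 022 yields 644 and fails here.
    find "$root" -type f ! -perm -0060 -exec printf 'FILE_NOT_GROUP_RW %s\n' {} \;
    # World-writable entries are unnecessary once the group is in place.
    find "$root" ! -type l -perm -0002 -exec printf 'WORLD_WRITABLE %s\n' {} \;
}

# Constructed sample tree: one upload created under umask 002 and one under
# umask 022, as a web server with a stricter default umask would create it.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/wp-content/uploads"
    chmod 2775 "$dir" "$dir/wp-content" "$dir/wp-content/uploads"
    ( umask 002; : > "$dir/wp-content/uploads/ok.png" )
    ( umask 022; : > "$dir/wp-content/uploads/strict-umask.png" )
    printf '%s\n' "$dir"
}

# Run against a real tree when a path is given, e.g.:
#   sh audit.sh /path/to/wordpress/docroot wordpress
if [ "$#" -ge 1 ]; then
    audit_wp_perms "$1" "${2:-wordpress}"
fi
```

On the sample tree only the file created under umask 022 is reported, which is the symptom the last answer attributes to the apache user's default umask.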