Correct permissions for /var/www and wordpress

Question

I have set up a LAMP server and I have access via SSH and to the "it works" page from a web browser from inside my network (via ip address) and from outside using dyndns.

We have some Wordpress projects that sit in subdirectories in /var/www/wordpress1 /var/www/wordpress2, etc. I cannot access these sub directories from a browser in order to set up WP--or (I assume) to see the content on a browser. I get a 403 Forbidden error on my browser.

I assume that this is a permissions problem. Can you please tell me the proper settings for the permissions to:

Allow the developers and me to read/write.
to allow WP set up and do its thing
Allow visitors to access the site(s) via the web.

I should also mention that the subfolder are actually simlinks to folder on another internal hdd--I don't think this will make a difference, but I thought I should disclose.

total 12
drwxr-xr-x  2 root root 4096 2012-07-12 10:55 .
drwxr-xr-x 13 root root 4096 2012-07-11 20:02 ..
lrwxrwxrwx  1 root root   43 2012-07-11 20:45 admin_media ->     /root/django_src/django/contrib/admin/media
-rw-r--r--  1 root root  177 2012-07-11 17:50 index.html
lrwxrwxrwx  1 root root   14 2012-07-11 20:42 media -> /hdd/web/media
lrwxrwxrwx  1 root root   18 2012-07-12 10:55 wordpress -> /hdd/web/wordpress

Here is the result of using chown -R www-data:www-data /var/www

total 12
drwxr-xr-x  2 www-data www-data 4096 2012-07-12 10:55 .
drwxr-xr-x 13 root     root     4096 2012-07-11 20:02 ..
lrwxrwxrwx  1 www-data www-data   43 2012-07-11 20:45 admin_media -> /root/django_src/django/contrib/admin/media
-rw-r--r--  1 www-data www-data  177 2012-07-11 17:50 index.html
lrwxrwxrwx  1 www-data www-data   14 2012-07-11 20:42 media -> /hdd/web/media
lrwxrwxrwx  1 www-data www-data   18 2012-07-12 10:55 wordpress -> /hdd/web/wordpress

I am still unable to access via browser.

So I can learn, and not just copy/paste code, what is the -R switch? I know chown is change owner... — dpbklyn, Jul 12 '12 at 17:13
no luck there, same result as before...see above for result of ls -la /var/www — dpbklyn, Jul 12 '12 at 17:19
-R is recursive.. It changes the ownership recursively. Try chmod 777 /var/www/index.html to allow everyone to read, write, and execute that file. — SirCharlo, Jul 12 '12 at 17:25
I think your problem now is that you are using links. Apache will not follow links. What you would do is move those files to /var/www and configure apache to use vitrualhosts. See https://help.ubuntu.com/10.04/serverguide/httpd.html Alternates, if you wish to use /hdd/web/wordpress would be to configure Apache (root directory) properly. You can configure apache to use links, but I do not advise it. See also https://help.ubuntu.com/community/WordPress — Panther, Jul 12 '12 at 18:37

metamorph · Answer 1 · 2017-04-05T09:42:53.647

97

First, you should ensure that your username is included in www-data group. If not, you can add your username as www-data group

sudo adduser $USER www-data

After that, you should change the ownership of /var/www to your username

sudo chown $USER:www-data -R /var/www

Next step, for general practice, you should change permission to 755 (rwxr-xr-x), not recommend changing permission to 777 for security reason

sudo chmod u=rwX,g=srX,o=rX -R /var/www

Related to specific permission for wordpress or laravel or another framework, then you can read the documentation respectively.

Hope it helps...

edited Apr 05 '17 at 09:42

answered Oct 30 '12 at 10:37

metamorph

1,673

1

didn't work for me, I add to use sudo chown www-data:www-data -R mywordpressdirectory/ – Louis Nov 20 '14 at 17:23
After change the ownership, you should change permission too. Have you change your permission to 755? – metamorph Nov 23 '14 at 01:27
1

He did with chmod. He's changing permission to 755 with sticky bits (to keep new files owned by www-data.) – Zachary Dahan May 13 '16 at 23:18
The best explanation I could find, short and sweet. Thanks. – Banago Sep 07 '16 at 05:38
1

Thus you won't be able to install/remove plugins/themes etc from admin panel because WordPress won't have write permission. – Igor Skoldin Dec 15 '16 at 12:05
so that you can set your specific directory permission separately. For example you can set permission for wp-content/plugins directory or wp-content/themes directory as you want. – metamorph Jun 15 '17 at 04:05
What if multiple developers are working on a single server? Why have the owner be a particular user instead of www-data? – Nathan Wailes Jun 17 '23 at 22:36

MagicCamera · Answer 2 · 2015-05-28T14:10:05.387

Apparently this is how it is recommended in the Ubuntu Server Guide:

Chapter 11. Web Servers.

1.4. Sharing Write Permission

For more than one user to be able to write to the same directory it will be necessary to grant write permission to a group they share in common. The following example grants shared write permission to /var/www/html to the group "webmasters"

I use www-data. Just replace "webmasters" with your group, be sure you add the user to the group of course.

sudo chgrp -R webmasters /var/www/html
sudo find /var/www/html -type d -exec chmod g=rwxs "{}" \;
sudo find /var/www/html -type f -exec chmod g=rws "{}" \;

I just tested it with Dreamweaver from my mac desktop and uploaded and replaced files added files etc and it retains the correct permissions with one exception, the local user becomes owner of new files along with www-data, but any files created by root in the html directory retain their ownership as root but are editable by local user.

$ls -l
$-rw-rw-r-- 1 localUser www-data 11505 May 28 09:56 index2.html
$-rw-rwSr-- 1 root  www-data 11535 May 28 09:58 index.html

Hope this clears up things and helps the weary, cause I know I was always weary of this situation, but now it is clear to me.

Oh and I highly recommend using sftp with keys to access your ftp, works great for me and don't need PureFTP or any other insecure method of delivering the files to the website. There's a good few tutorials on Digital Ocean site all about securing your server with ssh keys:

How To Configure SSH Key-Based Authentication on a Linux Server

score 1 · Answer 3 · answered Oct 30 '12 at 11:04

Reading around the instalation guide for Ubuntu..

chown -R www-data /usr/share/wordpress

Maybe it could be easier to instal it this way instead of trying to unzip the files on /var/www

https://help.ubuntu.com/community/WordPress...

any way wordpress runs on apache... right? if you want to do it that way.. you show do as @metamorph an then give permisson on apache2 httpd.conf like this:

<VirtualHost *:80>
        ServerName site
        ServerName site.domain
        DocumentRoot /srv/www/wordpress.site

        DirectoryIndex index.php

</VirtualHost>

and then default-server.conf.

<Directory "/srv/www/wordpress.site">
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>

Maybe is best to do the step by step https://help.ubuntu.com/community/WordPress

score 0 · Answer 4 · answered Jul 13 '12 at 04:49

Check that Apache has execute rights for /hdd/web/media and /hdd/web/wordpress.

Run:

chmod o+x /root /root/site /root/site/about

Moreover, Apache has to be configured to allow access to the directory on the filesystem. This has to be done by a system administrator by inserting a directive in the apache configuration files (httpd.conf).

Since the real directory is inside the web root it must be accessible, but FollowSymLinks may not have been enabled for the directory - this also has to be added to the directive.

See http://httpd.apache.org/docs/2.0/mod/core.html#directory

Thanks all...I have decided to go with the path of least resistance...removed the symlinks. All works perfectly. — dpbklyn, Jul 13 '12 at 14:20

Correct permissions for /var/www and wordpress

4 Answers4

Linked

Related