7

I have a local WordPress installation and got everything working, until I tried to install a new plugin. When I tried to activate the plugin, WordPress asked me for FTP connection information, which I understood to be a failure of write access to the plugins directory. Apache runs as www-data, so I ran sudo chown -R www-data: /var/www/wordpress to make the wordpress directory writable for Apache. But now I cannot edit the files as user anymore. After changing file permissions back with chown -R user: /var/www/wordpress/wp-content/themes, the WordPress dashboard complains again that it doesn't have sufficient access.

I tried various "solutions" online, but none have worked so far. Do I really need to install something like proftp and create an FTP user & password for my local server? Or can I circumvent the problem with some nifty file permission settings, which allow both me and Apache to access/write the files?

Earthliŋ
  • 1
    Possible duplicate of http://askubuntu.com/questions/162866/correct-permissions-for-var-www-and-wordpress?rq=1 Sorry I didn't find this earlier. – Earthliŋ Dec 12 '12 at 06:40

1 Answer

12

It sounds like you've already got it figured out, but I'll let you know how I did it. This setup lets me and Apache write to the wordpress directory, and the plugin/theme/upgrade works fine from within WordPress.

First, I made my user part of the www-data group: sudo usermod -G www-data -a <user>.

Next, I made the entire wordpress directory owned by www-data:www-data: sudo chown -R www-data:www-data wordpress. I also made all the files readable and writable by user and group: find wordpress -type f -exec chmod 664 {} +, find wordpress -type d -exec chmod 775 {} +.

Finally, I set the guid bit so that new files would also be group-owned by www-data: chmod -R g+s wordpress.

Now, this isn't the most secure setup. Any vulnerabilities in WordPress could be used to write to files within your WordPress installation. But I, personally, have never had any problems. And when I tried to make it less restrictive, updates and theme/plugin installation from within WordPress Admin usually broke. I never quite found the right sweet spot between security and usability.

Dan Jones
  • that's a fairly secure way to do it, actually, and is far better than a lot of the advice out there involving chown/chmod. – ImaginaryRobots Dec 12 '12 at 17:17
  • Yeah, it's better than doing chmod -R 777 wordpress which I've actually seen suggested, but I've seen better ways suggested, like only giving write permissions to wp-content. I was just never able to get the extra secure setups to work well for me.

    But yeah, I think I've struck a pretty decent balance.

    – Dan Jones Dec 12 '12 at 17:21
  • Thanks, this worked much better than what I had found earlier. – Earthliŋ Jan 03 '13 at 16:02
  • 1
    Glad I could help. – Dan Jones Jan 03 '13 at 19:49
  • I needed more permissions to create, update and delete folders and the files below on Ubuntu 13.10: sudo find wordpress -type d -exec chmod 775 {} + – malisokan Feb 09 '14 at 15:02
  • You're right. It should be 775. I've edited my answer accordingly. – Dan Jones Feb 09 '14 at 19:45
  • THANK YOU for this. I've been trying to figure out how to have www-data own the files, but still be able to use FTP to modify them with another user. Perfect. Much appreciated. – Charlie74 Jun 03 '14 at 19:13
  • @DanJones How about leaving the user to <user> instead of www-data so you can still upload with sftp using <user>? – allaire Nov 13 '15 at 22:16
  • @allaire I had problems installing plugins from wp-admin when I did that. It gave me permission errors. – Dan Jones Nov 13 '15 at 22:42
  • The big problem I see with this configuration is that, where you have a system with multiple users who are in the www-data group, they will now be able to read each other's wp-config.php files and get at private DB passwords, etc. – edam Jan 11 '17 at 18:20
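
As an added example (not part of the thread, and not the answerer's own commands), this shell function audits a tree for the layout the answer describes and reports the wp-config.php exposure raised in the last comment. The function name audit_wp_perms and the FAIL/NOTE labels are made up for this example; the group defaults to www-data as in the answer.

```sh
#!/bin/sh
# Added example, not from the thread. Audits a WordPress tree against the
# answer's layout: shared group, files 664, directories 775 + setgid.
# audit_wp_perms is a made-up name. Usage: audit_wp_perms DIR [GROUP]
audit_wp_perms() {
    root=$1
    group=${2:-www-data}   # group name or numeric gid
    report=$(
        # World-writable entries (the "chmod -R 777" approach).
        find "$root" ! -type l -perm -0002 \
            -exec printf 'FAIL world-writable: %s\n' {} +
        # Outside the shared group: Apache or the user loses access.
        find "$root" ! -type l ! -group "$group" \
            -exec printf 'FAIL wrong group: %s\n' {} +
        # No group write: WordPress updates or manual edits get refused.
        find "$root" \( -type f -o -type d \) ! -perm -0020 \
            -exec printf 'FAIL not group-writable: %s\n' {} +
        # Directory without setgid: new files take the creator's group.
        find "$root" -type d ! -perm -2000 \
            -exec printf 'FAIL no setgid: %s\n' {} +
        # Expected under 664, reported as a reminder: the DB credentials
        # are readable by every member of the group (and by others if o+r).
        find "$root" -type f -name wp-config.php \
            \( -perm -0040 -o -perm -0004 \) \
            -exec printf 'NOTE readable beyond owner: %s\n' {} +
    )
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    # Succeed only when no FAIL line was produced.
    ! printf '%s\n' "$report" | grep -q '^FAIL'
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_wp_perms "$@"; fi
```

Run it as the user who edits the files, for example after a plugin install, to see whether new files still follow the layout.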