18

I moved from a shared hosting to a VPS a few weeks ago and I'm having these annoying permission issues with WordPress. You know you can download and upgrade plugins (and wordpress itself) from the admin panel, but since I moved it started asking me my FTP credentials, which is kinda slow when I have to update ~20 plugins.

I think this should be some kind of rights issue. I looked that the shared hosting wordpress files, they all belong to the username and group kovshenin (kovshenin:kovshenin) and the files are -rw-r--r-- and the directories are drwx-r-xr-x.

On my VPS apache runs under apache:apache and my files are kovshenin:kovshenin. What should I do to make them readable and writable by both kovshenin and apache?

Also, I changed the permissions to 0777 for all files and folders of my wordpress installation, that allowed me to install and delete plugins without FTP, but when I pushed to automatic upgrade to WordPress 2.8.1 it still asked me for my FTP account. Is that a wp issue or did I miss something?

Thanks.

Update: I managed to run id and id www-data on the MediaTemple shared hosting. User kovshenin is in group kovshenin, and www-data is in group www-data. No more groups. What's the trick?

Another update Okay, I added the apache user to the kovshenin group, my wordpress files are kovshenin:kovshenin with rw-rw-r-- permissions and drwxrwxr-x permissions on directories, but something is still wrong. The user apache can access the files and folders, I can use the online Themes and Plugins editor in the wordpress admin panel, I'm able to make changes to the .htaccess file from within wordpress, but plugin/theme installation still asks me for FTP credentials!

Any ideas? Thanks.

kovshenin
  • 31,813
  • 4
  • 35
  • 46
  • Are you saying that apache running under apache:apache can access the WordPress files with www-data:www-data? If so then find out how it's managing that and configure it do the same with kovshenin:kovshenin. – Troubadour Jul 11 '09 at 13:59
  • No. www-data is on the shared hosting, and apache is running under www-data. The user apace is on my VPS and it's running under user and group apache:apache. – kovshenin Jul 11 '09 at 14:09

5 Answers5

23

What should I do to make them readable and writable by both kovshenin and apache?

  • Create a new group, say "wordpress".
  • Add both koveshenin and www-data users to the wordpress group.
  • Change the group owner of all the files to wordpress (using chgrp).
  • Make sure all the files are group writeable.
  • Set the g+s (setgid) permission bit on all the directories of interest.
  • Make sure kovshenin and apache's default umask includes group read & write permission.

The second last step is the trick. It means that whenever kovshenin or apache creates a file in those directories, the group owner will be set to wordpress (instead of kovshenin or apache).

caf
  • 233,326
  • 40
  • 323
  • 462
  • Okay this is closer, thanks so much, but how come the user www-data and kovshenin on the Media Temple shared hosting account don't have additional groups? What's that trick called? ;) – kovshenin Jul 11 '09 at 14:11
  • Hard to say, but the shared hosting account might be set up using phpsuexec. – caf Jul 11 '09 at 14:39
  • Hey there caf, one more question. I changed the group owner of all the files and dirs in the wp folder to apache, the owner is still kovshenin, so it's kovshenin:apache and the rights are 0775, so both kovshenin and apache have rights to read write and execute files. Works fine. I did the g+s part, new files are created with kovshenin:apache, all fine, BUT, the rights for the new file are 755. How do I fix that for 775? Tried settings g+ws.. Doesn't seem to work. Any ideas? Thanks once more. – kovshenin Jul 11 '09 at 17:44
  • Oh, sorry, that must be the umask.. =) – kovshenin Jul 11 '09 at 17:48
  • Yes, your umask is probably 0022, you need to set it to 0002. By the way, kovshenin doesn't even need to be in the 'apache' group for this to work. – caf Jul 12 '09 at 05:33
  • Could you elaborate a bit on how to set the umask ? I'm running Debian and I've tried setting it in .bashrc for the user, however to no avail. – Steffen Jun 08 '10 at 17:42
  • @Steffen: Setting it in `.bashrc` will work for normal user accounts; for `apache` started from `init.d`, you can add a line setting the umask in `/etc/default/apache2`. – caf Jun 08 '10 at 22:06
  • I'll try that out, thanks. Just one more question: setgid - is it a command or ? I tried typing setgid on Debian, and it didn't know it (could find anything through apt either) – Steffen Jun 09 '10 at 06:15
  • @Steffen: The "setgid" bit is a file permissions bit - so it's set by `chmod`. In particular, you want `chmod g+s` on the directories of interest. – caf Jun 09 '10 at 06:42
  • @caf: Aaah excellent, then I get it :-) Well I'll give it a try tonight, thanks alot for the elaboration. – Steffen Jun 09 '10 at 06:55
  • I've gotten most of it to work, though I still have no luck with automatic updates in wordpress. All files 775 (chmod), the owner is my user, and the group is wordpress. Furthermore I setup my users default group to be wordpress, and set g+s on all directories (and files I think, just did a * :-D) Files are however still created with 644 rights, so my umask isn't in effect I guess. Anyway that's a minor issue, what's more important is that wordpress still asks for FTP access. Could it perhaps be that wordpress must be the owner of the files ? (chown) – Steffen Jun 10 '10 at 18:36
  • @Steffen: If wordpress isn't the owner, the files will have to be 644 (and the directories 2775). – caf Jun 10 '10 at 23:25
  • @caf: what's the first 2 in the directories ? I always thought there was only owner group guest ? Anyway all files and directories are 775 already. – Steffen Jun 11 '10 at 09:23
  • Oh well I give up on it now, I'll just settle on FTP access to update, at least that works out of the box :-D – Steffen Jun 14 '10 at 05:16
  • New directories are created with www-data:wordpress owner. Subdirectories are created with www-data:www-data ownership. How can I change that? – csi Mar 01 '13 at 01:19
  • 2
    @ChristopherIckes: That means that whatever you're using to create the directories isn't copying the setgid bit to the new directories (the standard `/bin/mkdir` utility does do this). You might need to manually `chmod g+s` the directories after they're created. – caf Mar 01 '13 at 02:53
  • Is there a way that both users kovshenin and www-data could delete files within a particular directory, say the wordpress directory, regardless of which owner the file? – csi Mar 01 '13 at 17:41
  • @ChristopherIckes: Yes - for an ordinary directory, a file can be deleted if the user has write permission on the directory containing the file, so just make sure the directories have group write permission set. – caf Mar 01 '13 at 21:31
  • @caf what are your thoughts on this issue: http://stackoverflow.com/questions/18228351/how-make-var-www-contents-editable-by-ide. It looks same as this question – sakhunzai Sep 03 '13 at 04:25
  • I'm sorry. What the two last sentences mean?? – emeraldhieu Apr 22 '14 at 11:07
1

You can give ownership to www-data according to here.

Run the following command in your WordPress directory (sudo required):

sudo chown -Rf www-data *

Works for Apache.

KahWee Teng
  • 13,658
  • 3
  • 21
  • 21
  • 1
    That works fine, but then I can't edit those files with my regular user and this is what freaks me out.. :( – kovshenin Jul 11 '09 at 13:24
  • Are they not still group owned by kovshenin? You ought to be able to still edit them if they are. If not then you could try making the user kovshenin a member of the group that they are owned by and use newgrp to change your group to that before editing them. – Troubadour Jul 11 '09 at 13:39
  • They are group owned by kovshenin, but new files which I'll upload from the user kovshenin will become kovshenin:kovshenin and I'd have to chown again. I'm setting up the hosting for a few clients of mine and I'd like their files to be kovshenin:kovshenin style, not apache (or www-data). I wonder how MediaTemple did that.. – kovshenin Jul 11 '09 at 13:42
  • You can add your regular user to the www-data group or you could also append sudo in the beginning of your command. – KahWee Teng Jul 11 '09 at 13:44
  • What command? Please read what I'm trying to do, it's not that simple.. There are no additional groups. – kovshenin Jul 11 '09 at 13:49
  • caf has an answer that you want. – KahWee Teng Jul 11 '09 at 16:35
1

Assuming your wordpress install directory is /var/www/html to mass change all the files and directories to the proper permission use:

sudo  find /var/www/html/ -type d -exec chmod 775 {} \;
sudo  find /var/www/html/ -type f -exec chmod 664 {} \;

To mass change the owner group of everything use:

sudo chgrp -R <desired_username>.<desired_groupname> /var/www/html
Reza S
  • 9,480
  • 3
  • 54
  • 84
0

I had the same problem and I solved it turning off PHP 'safe_mode' in plesk, now WP can create folders and move files without any problems.

I hope this help you.

Fede
  • 1
0

Currently, adding define('FS_METHOD', 'direct'); to wp-config.php might do the trick. Not sure that would have worked in '09 though. See here for my similar case using nginx. I found that it was an essential step.

Community
  • 1
  • 1
knirb
  • 143
  • 7