Develop Reference

WSL + Docker file permission issues

I'm using docker-compose in a WSL environment. Currently Wordpress runs in the docker composer. All files in the Projects folder are at www-data group and user which allows Wordpress to create everything and upload plugins.
But vs-code has file permission errors as soon as I want to edit files.
Switching user to and www-data groups allows vs-code to edit files but Wordpress has permission errors when uploading plugins or deleting plugins/files.
wsl.conf looks like that:
# Enable extra metadata options by default
[automount]
enabled = true
root = /windir/
options = "metadata,umask=22,fmask=11"
mountFsTab = false
# Enable DNS – even though these are turned on by default, we'll specify
here just to be explicit.
[network]
generateHosts = true
generateResolvConf = true
Using Win 11 with Ubuntu-20.04 - Kernel: 5.10.60.1 and latest docker version.
EDIT:
Still, when I want to edit stuff in Wordpress, upload Media or uploading plugins I need to sudo chown -R www-data * and if I want tot edit files in VScode I need to sudo chown -R <username> *

I had a similar issue on my local WordPress development setup. (Windows 10 + WSL2), here is a link to the git repo:
https://github.com/dorumarginean/wordpress-docker
For uploading images / plugins I updated the owner like you mentioned and for write permissions with Visual Studio Code I edited the PHP container inside my docker-compose.yml.
user: “1000:1000”

Here's what I did when I had a similar problem:
create a new group that contains both www-data and the user that runs your editor.
Let's call your local user myuser and your new group mygroup for now.
First you need to create a new group
sudo addgroup mygroup
Add both the webserver user and your user to this new group
sudo adduser myuser mygroup
sudo adduser www-data mygroup
now give the ownership of the website directory to this new group. cd to your website's directory, then
sudo chown -vR :mygroup .
grant write permission to the group
sudo chmod -vR g+w .
Check to make sure that the changes took effect with ls -ld to see the owner and the permissions of the files and groups myuser www-data to see if both users are indeed in mygroup.
Then make sure to reinitialize the user environment so the permissions coming from the new group will be updated
newgrp - mygroup
You may need to log out and log in again for the user environment to update in the GUI.

LEMP + wordpress file permissions to be able to edit, upgrade and use sftp client

I am trying to manage file permissions on a debian webserver that runs nginx, so that wordpress can edit, upload and upgrade without having to use ftp. I also want to be able to login using sftp with my user account.
I am aware of the fact that this question has been asked before, see here
or here, but following the steps in those answers hasn't been satisfying. The setup currently looks as follows:
The wordpress folder is in /var/www/html/
I made a new user ("user") and group ("group"). The server user is
"www-data".
All files in the wordpress folder are owned by user:group.
Both "user" and "www-data" are set to belong to "group".
I changed file and folder permissions as follows:
find /var/www/html/ -type d -exec chmod 2775 {} +
find /var/www/html/ -type f -exec chmod 664 {} +
I set the default umask to 0002.
I would have thought this should work, but currently I can edit and upload files from within wordpress, but not update wordpress, functions or themes.
It also does not work with "group" set as default group for "user" and/or "www-data" (by editing /etc/passwd).
Alternatively, I made all files in /var/www/html/ owned by user:www-data, but also without success.
The only way I seem to get wordpress to update without ftp is by making the wordpress-folder and all its files owned by "www-data". Unfortunately, the result of that is that I cannot upload files using an sftp-client (because the target is now a folder that is not owned by "user").
How can this be? As far as I understand these steps should give wordpress the proper permissions, but something still is wrong.
Your help would be greatly appreciated.

On a debian server I followed these steps. It might not be the most secure solution as I read here, but it works (wordpress can edit, upload and upgrade - and I can upload using sftp).
Create a new user "user"
Create a new group "group" (you can choose to use www-data as group as well)
Add user and www-data to group
usermod -G group user
usermod -G group www-data
Check group numerical id in /etc/group
e.g. group:x:1002
Change default group of www-data and user in /etc/passwd
e.g. user:x:1001:1002:...
In /etc/php5/fpm/pool.d/www.conf (in my case) change group=www-data to ;group=www-data. Now nginx will use the default group of www-data which we just set to "group". Reload service (php5-fpm).
Recursively change owner of your wordpress folder to user:group
chown -R user:group /var/www/html
Change permissions in your wordpress folder (The 2 is to assign new files to the parent folder's group)
find /var/www/html/ -type d -exec chmod 2775 {} +
find /var/www/html/ -type f -exec chmod 664 {} +
Change umask to UMASK 0002 in /etc/login.defs
In wordpress, enforce direct upload (so no ftp) by adding define('FS_METHOD','direct'); to wp-config.php. In my case, this was an essential step.
To get things working, I needed to reboot.

I ran into this issue and I figured that I would share how I fixed it on Ubuntu running PHP 7 in case it can help someone. I adapted the following after reading this article that outlines how it is done with PHP 5.
Nginx needs to be optimized with PHP pools in order to give ownership of files and folders to users.
First, you need to create a new PHP-FPM memory pool. Do this by copying the default memory pool and renaming it with the user that you want to associate it with:
sudo cp /etc/php/7.0/fpm/pool.d/www.conf /etc/php/7.0/fpm/pool.d/username.conf
Edit the file:
sudo nano /etc/php/7.0/fpm/pool.d/username.conf
Go through the file and change username in the following locations:
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[username]
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = username
listen = /run/php/php7.0-fpm.username.sock
Now you need to update your server block(s). You will need to adjust to the correct sockets to allow access to the newly created pool.
Open your server configuration file:
sudo nano /etc/nginx/sites-available/default
Or if you setup server blocks (virtual hosts), then:
sudo nano /etc/nginx/sites-available/example.com
Edit the following line and replace username:
fastcgi_pass unix:/run/php/php7.0-fpm.username.sock;
Finally, restart Nginx:
sudo service nginx restart

SCP Permission denied (publickey). on EC2 only when using -r flag on directories

scp -r /Applications/XAMPP/htdocs/keypairfile.pem uploads ec2-user#publicdns:/var/www/html
where uploads is a directory returns Permission denied (publickey).
However
scp -i /Applications/XAMPP/htdocs/keypairfile.pem footer.php ec2-user#publicdns:/var/www/html
works (notice the flag change).
uploads is an empty folder
These are the file permissions for the uploads directory
drwxrwxrwx 3 geoffreysangston admin 102 Nov 15 01:40 uploads
These are the file permissions for /var/www/html
drwxr-x--- 2 ec2-user ec2-user 4096 Jan 5 20:45 html
I've tried changing html to 777 and that doesn't work either.

The -i flag specifies the private key (.pem file) to use. If you don't specify that flag (as in your first command) it will use your default ssh key (usually under ~/.ssh/).
So in your first command, you are actually asking scp to upload the .pem file itself using your default ssh key. I don't think that is what you want.
Try instead with:
scp -r -i /Applications/XAMPP/htdocs/keypairfile.pem uploads/* ec2-user#publicdns:/var/www/html/uploads

Even if above solutions don't work, check permissions to destination file of aws ec2 instance. May be you can try with- sudo chmod 777 -R destinationFolder/*

transferring file from local to remote host
scp -i (path of your key) (path for your file to be transferred) (username#ip):(path where file to be copied)
e.g scp -i aws.pem /home/user1/Desktop/testFile ec2-user#someipAddress:/home/ec2-user/
P.S. - ec2-user#someipAddress of this ip address should have access to the destination folder in my case /home/ec2-user/

If you want to upload the file /Applications/XAMPP/htdocs/keypairfile.pem to ec2-user#publicdns:/var/www/html, you can simply do:
scp -Cr /Applications/XAMPP/htdocs/keypairfile.pem/uploads/ ec2-user#publicdns:/var/www/html/
Where:
-C - Compress data
-r - Recursive

answer for newbies (like me):
I had this error when trying to copy the files while being on the server.
So my answer is: exit, or open another terminal

chgrp permanently for a directory

I'm running a CentOS 5.0 server with root access. The /var/www folder was originally set recursively with root as the owner and group. So I did a chgrp -R webdevs /var/www and a chmod -R g+rwx /var/www command to give all members of the webdevs group read/write access. These changes work as required for all preexisting files. However, when user examplewebdev creates a new file in the /var/www directory, the group defaults to examplewebdev instead of webdevs. How do I change the defaults for new file creation?

Try to play with ACLs: man setfacl.

http://www.vanemery.com/Linux/ACL/linux-acl.html#default

I use 'newgrp' command but I think it applies only in the shell you are currently in.

How to resolve /var/www copy/write permission denied?

I am a newbie in php, mysql. I have written a hello.php script, which I am trying to copy into /var/www directory (and will later want to open it through web browser). The problem with the same is that I am not allowed to save/write any files in /var/www despite me being the root. I tried implementing steps in this question, but I get the following error when I process the third line
find /var/www/ -type f -exec chmod g+w '{}' ';'
chmod: changing permissions of `/var/www/index.html': Operation not permitted
I know symlink is also an option. I would want to be able to write/copy files directly to /var/www/ directory.
Any suggestions on what is going wrong?

it'matter of *unix permissions, gain root acces, for example by typing
sudo su
[then type your password]
and try to do what you have to do

Do you have a file in /var/www called hello.php already that has permissions on it? Maybe the system can't replace the file?
Although, root access should supersede any user on the system.
Have you tried applying permissions to the www folder?
If you can do this, try the following:
sudo chmod -R 777 /var/www
then do:
sudo cp hello.php /var/www
I only recommend doing this if you know 100% that it is ok to set permissions on the whole www folder. By the sounds of it, you are running on your own production server as most live/shared hosting servers are setup so that the www folder is not in the /var folder (instead it is in the home folder of the user).
Be VERY careful when doing anything with the sudo prefix though, you can seriously damage your system if you do it wrong.

Are you in a development environment ? If Yes, You can do
chown -R user:group /var/www
so you will be able to write with your user.

Execute the following command
sudo setfacl -R -m u:<user_name>:rwx /var/www
It will change the permissions of html directory so that you can upload, download and delete the files or directories

Encountered a similar problem today. Did not see my fix listed here, so I thought I'd share.
Root could not erase a file.
I did my research. Turns out there's something called an immutable bit.
# lsattr /path/file
----i-------- /path/file
#
This bit being configured prevents even root from modifying/removing it.
To remove this I did:
# chattr -i /path/file
After that I could rm the file.
In reverse, it's a neat trick to know if you have something you want to keep from being gone.
:)

sudo chown -R $USER:$USER /var/www

First off, this has nothing to do with php. This is a unix permission issue. You need to login as a superuser ( sudo/su ) and type your password, then try that command.
$ su
(type password )
\# your command
$ sudo command
$ (type password)
It might also help if you actually specified the operating system you use.

sudo cp hello.php /var/www/
What output do you get?

If none of the above works, you might be dealing with a vfat filesystem. Use "df" to check.
See http://www.charlesmerriam.com/blog/2009/12/operation-not-permitted-and-the-fat-32-system/ for more details.

First of all, you need to login as root and than go to /etc directory and execute some commands which are given below.
[root#localhost~]# cd /etc
[root#localhost /etc]# vi sudoers
and enter this line at the end
kundan ALL=NOPASSWD: ALL
where kundan is the username and than save it. and then try to transfer the file and add sudo as a prefix to the command you want to execute:
sudo cp hello.txt /home/rahul/program/
where rahul is the second user in the same server.

You just have to write sudo instead of su.
Then just copy the PHP file to the var/www/ directory.
Then go to the browser, and write local host/test.php or whatever the .php filename is.

Enter the following command in the directory you want to modify the right:
for example the directory: /var/www/html
sudo setfacl -m g:username:rwx . #-> for file
sudo setfacl -d -m g:username: rwx . #-> for directory
This will solve the problem.
Replace username with your username.

The problem is a privilege issue navigate to the var/www/
right-click in it and select open as admin
then continue your work