I have a wordpress install and I want to be able to do the following two things:
automatically install plugins via the backend without providing an FTP/SSH user
upload files via FTP
To achieve point 1. I have read that I have to execute the following command: chown -R www-data:www-data /var/www. That means that the user/group www-data becomes owner of all files and folders in /var/www. After executing this command, the automatic installation of plugins works like a charm.
However, I now am not able to edit/upload files via FTP anymore. For FTP I use a different user named ftpuser. The following error is shown in my FTP client when I try to upload a new file: [Filename] open for write: permission denied
I put the ftpuser in the group www-data, hence I think that ftpuser should be able to write:
root#xyz:~# grep 'www-data' /etc/group
www-data:x:33:ftpuser
The file permissions on the folder /var/www are 755.
What is my issue here?
Can you please try by using the below code in wp-config.php :
define('FS_METHOD', 'direct');
Hope that will work.
I have read several ways to solve the problem of permissions in WordPress to install themes and plugins from the WordPress administration.
As I understand the problem is that the owner of the folder where WordPress is installed must be the user who manages the web server (read postdata). In my case with Apache and AWS, www-data.
However, by changing the owner to www-data (even just changing the group to this user), I lose SSH access to the server. In this case I had to ask the administrator of the entire server to access from its user and restore the owner and permissions of the folder.
I am using Amazon Web Services with Ubuntu 16.0.4 LTS where I have access to a main user and the installation of WordPress is located at the root of the user, i.e. /home/myuser/
I am accessing via SSH with a .pem key and with myuser#publicdns
What can I do?
Thank you so much.
PD: WordPress in this guide says that the owner always has to be the ftp web server owner (i.e. myuser) and never the webserver, I agree.
I hate having to answer my own question but maybe I can help others solve problems easily and fast. This is what worked for me:
BEFORE DOING ALL OF THIS YOU SHOULD TAKE NOTE OF ALL PERMISSIONS, OWNERS AND GROUPS OF ALL THE FOLDERS & FILES WE ARE CHANGING HERE BECAUSE YOUR WEBSITE MAY FAIL AFTER CHANGING THESE SETTINGS. ALL HOSTS HAVE DIFFERENT CONFIGURATIONS.
As long as you don't exit the session, you may be able to return all the changes you have made with sudo privileges.
If your WordPress installation is in the root folder of the user, eg: /home/myuser/
Take note of permissions, owners and groups:
With ls command and the -a -l flags you can see all files using long listing format. Do this being in /home and /home/youruser/ paths.
cd /home
ls -al
cd /home/youruser
ls -al
Copy the output and save it in some text file.
Prevent losing SSH access:
The owner of the folder must be the user you are accessing with.
sudo chown youruser /home/youruser/
I also have set the group of the folder myuser.
sudo chgrp youruser /home/youruser/
Set the permissions of this folder with 751 (I think the important thing here is that the owner has full access)
sudo chmod 751 /home/youruser/
The permissions for the hidden folder .ssh must be 700 for top folder, 600 for files inside the folder and the owner & group must be youruser
sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R youruser ~/.ssh/
sudo chgrp -R youruser ~/.ssh/
Solve Plugins & Theme installation problems:
I'm still unsure if this solution is right for site security. However, I think you can apply this fix and then return the changes. The website should run smoothly in both cases.
I have changed permissions for folders and files via sftp in Nautilus. If you are using .pem key remember to add the key using ssh-add path/to/your/key.pem
then connect to the server sftp://youruser#yourpublicdns
Make multiple click in folders wp-content, wp-admin, wp-includes and do Right click -> Properties (or Ctrl + I), change to permission tab and click in the "Apply permissions to Enclosed files" button on the bottom of the window, set:
Files
Owner: Read and Write
Group: Read only
Others: Read only
Folders
Owner: Create and delete files.
Access to files.
Access to files.
This will apply the changes to files and folders inside these three folders selected. Depending on the speed of your internet and how much files do you have, this may take some minutes to finish.
Make multiple click in remaining files and do Right click -> Properties (or Ctrl + I), change to permission tab and set
Owner: Read and Write
Group: Read and Write
Others: Only Read
AND LAST
Change the owner and the group of all the WordPress installation files, i.e. all the files inside /home/youruser
sudo chown -R www-data wp*
sudo chgrp -R www-data wp*
This make changes for all the files that start with the "wp" word recursively. To remaining files, I have made the changes manually. There are better ways like find command but that changed hidden folders too so I decided to do manually.
Apply the corresponding changes to files to the .htaccess as well.
NOTE: Test your website. Access to it, access to your WordPress admin, try installing plugins and themes, open another terminal (DON'T CLOSE the one you were writing the commands) and try to SSH into your webserver. If you have problems use the backup and revert the process.
Hope this helps.
To solve these issues display in process of installing Drupal as:
Go to your "drupal" folder and make permission 777
Then open "sites" folder and make it 777
Choose "default" folder and make it 777
Open "files" and choose "setting.php" to change permission to 777
You are giving public right to execute read and write files in your directories. Clearly not a good idea.
Check this link for more infos on what to do in production environnement (it also explains basic chmod values wich you seem to not be understanding) : https://www.drupal.org/node/244924
Some normal permissions would be 0644 for files and 0755 for directories. Then i.e. settings.php since there is no need for it to be writable you should fully forbid writing.
If only 0777 "solves" your issue, maybe problem are not permission values but file owner. It happens that you upload files with one (FTP) account Apache is running website with some other, which is not allowed to write over first one. So changing file owner could solve the issue.
Before i executed an update (composer.phare update) with the root user, every thing works fine, but now when i tries to run "Assetic:dump -env-prod" i get a "Permission denied" error
[Assetic\Exception\FilterException]
An error occurred while running:
'' '-jar' '/home/symfony/www/app/Resources/java/yuicompressor.jar' '--ch
arset' 'UTF-8' '-o' '/tmp/YUI-OUT-vbRlyu' '--type' 'css' '/tmp/YUI-IN-OoRVH
Q'
Error Output:
sh: 1: : Permission denied
Input:
meta.foundation-version{ ...
I tried all the solutions in this post Fontawesome fonts fail after assets:install and assetic:dump
clear the cache, chown, chgrp and chmod nothing worked always the same problem
One way to deal with file permissions when you are running a web based application which requires either auto deployment or constant manual updates like using bin/console from symfony2, its to make sure that the files belongs to the user under which your application runs.
As you did not provide environment settings, I will be making a few assumptions and provide you with a generic setup scenario, hopefully this will help guide you to the the best solution for your specific case.
Environment Assumptions:
OS: linux flavor;
Web server: nginx will be running as www-data;
PHP: php-fpm will running as testapp and using a socket connection for this application;
Generic set-up steps:
In the /etc/nginx/nginx.conf file, make sure that the user/group are set to www-data;
In the /etc/php5/fpm/pool.d/apptest.conf file, make sure that the user & group are set to testapp;
TIP: The file above might need to be created, if that's the case you should just copy the content of the www.conf file located in the same folder.
In the /etc/php5/fpm/pool.d/apptest.conf file, make sure listen.owner & listen.group are set to www-data;
Make sure that you have a line like the one below in this file /etc/php5/fpm/pool.d/apptest.conf:
listen = /var/run/php5-fpm.apptest.sock.
NOTE: the fpm.apptest.sock portion of that line above, its the name of a file that does not exist yet but will be created when you restart php. The benefit is that you will have an isolated php process for this application;
a) In the case on nginx and if you are using socket connections, make sure to add this line in your apptest conf file:
unix:/var/run/php5-fpm.apptest.sock;
b) If you are using apache add this line in that conf file:
-socket /var/run/php5-fpm.apptest.sock;
If you are on a linux box, create user with no password and it should be called, apptest.
Note: apptest is the name of your application, it will also be the user under which php will be running and it should also be the application files/folders owner.
Restart php and nginx/apache.
Tip: to change to a user in linux which has no password, you should have root privileges and run:
sudo -u apptest -i.
After this, you should perform all your commands as the apptest user previously created, including running the symfony2 bin/console.
These are very generic steps, so if you need any clarification, let me know.
I do not recommend to use root for updating. In my opinion the way to go is to have /app/logs /app/cache writable for the server and the src and vendor folder only readable for the server.
So lets say your user and group is: coolman, than try this:
# everything is yours
chown coolman:coolman -R .
# all and group can access folders and read files, you as user can additionally write them
chmod ag=rX,u=rwX -R .
# full access to logs and cache for everyone (also the server)
chmod a+rwX -R app/logs app/cache
You make your composer update with your coolman user.
There is only one small problem, too. The logs might be www-data:www-data rw-r--r-- so you cannot delete them. So just add a line to your app.php and your app/console file:
\umask(0000);
I think this line is commented out as default. This says, that if no explicit rights are set within PHP, than every file which is created will get 0777 - mask = 0777 so you can delete logs and cache then.
I installed a WordPress blog in my local system. But when I try to add plugins from admin it asks for FTP access. What do I need to configure for WordPress to be able to upload without FTP?
Try to add the code in wp-config.php:
define('FS_METHOD', 'direct');
If you are using Ubuntu.
sudo chown -R www-data:www-data PATH_TO_YOUR_WORDPRESS_FOLDER
"Whenever you use the WordPress control panel to automatically install, upgrade, or delete plugins, WordPress must make changes to files on the filesystem.
Before making any changes, WordPress first checks to see whether or not it has access to directly manipulate the file system.
If WordPress does not have the necessary permissions to modify the filesystem directly, you will be asked for FTP credentials so that WordPress can try to do what it needs to via FTP."
Solution:
In order to find out what user your instance of apache is running as, create a test script with the following content:
<?php echo(exec("whoami")); ?>
For me, it was daemon and not www-data. Then, fix the permission by:
sudo chown -R daemon /path/to/your/local/www/folder
If during installation of a plugin, Wordpress asks for your hostname or FTP details.
Then follow these steps:
Login to your server and navigate to /var/www/html/wordpress/.
Open wp-config.php and add this line after define(‘DB_COLLATE’)
define('FS_METHOD', 'direct');
If you get "Could not create directory" error. Give write permissions to your wordpress directory in recursive as
chmod -R go+w wordpress
NOTE. For security, revoke these permissions once you install a plugin as
chmod -R go-w wordpress
I changed the ownership of the wordpress folder to www-data recursively and restarted apache.
sudo chown -R www-data:www-data <folderpath>
It worked like a charm!
On OSX, I used the following, and it worked:
sudo chown -R _www:_www {path to wordpress folder}
_www is the user that PHP runs under on the Mac.
(You may also need to chmod some folders too. I had done that first and it didn't fix it. It wasn't until I did the chown command that it worked, so I'm not sure if it was the chown command alone, or a combination of chmod and chown.)
I did a local install of WordPress on Ubuntu 14.04 following the steps outlined here and simply running:
sudo chown -R www-data:www-data {path_to_your_project_directory}
solved my issue with downloading plugins. The only reason I'm leaving this post here is because when I googled my issue, this was one of the first results and it led me to the solution to my problem.
Hope this one helps to anyone!
There's a lot of similar responses to this question, but none of them fully touch on the root cause. Sebastian Schmid's comment on the original post touches on it but not fully. Here's my take as of 2018-11-06:
Root Cause
When you try to upload a plugin through the WordPress admin interface, WordPress will make a call over to a function called "get_filesystem_method()" (ref: /wp-admin/includes/file.php:1549). This routine will attempt to write a file to the location in question (in this case the plugin directory). It can of course fail here immediately if file permissions aren't setup right to allow the WordPress user (think the user identity executing the php) to write the file to the location in question.
If the file can be created, this function then detects the file owner of the temporary file, along with the file owner of the function's current file (ref: /wp-admin/includes/file.php:1572) and compares the two. If they match then, in WordPress's words, "WordPress is creating files as the same owner as the WordPress files, this means it's safe to modify & create new files via PHP" and your plugin is uploaded successfully without the FTP Credentials prompt. If they don't match, you get the FTP Credentials prompt.
Fixes
Ensure the plugin directory is writable by the identity running your php process.
Ensure the identity that is running your php process is the file owner for either:
a) All WordPress application files, or...
b) At the very least the /wp-admin/includes/file.php file
Final Comments
I'm not overly keen on specifically applying file ownership to the file.php to work around this issue (it feels a tad hacky to say the least!). It seems to me at this point that the WordPress code base is leaning towards having us execute the PHP process under the same user principal as the file owner for the WordPress application files. I would welcome some comments from the community on this.
From the first hit on Google:
WordPress asks for your FTP credentials when it can't access the files
directly. This is usually caused by PHP running as the apache user
(mod_php or CGI) rather than the user that owns your WordPress files.
This is rather normal in most shared hosting environments - the files are stored as the user, and Apache runs as user apache or httpd. This is actually a good security precaution so exploits and hacks cannot modify hosted files. You could circumvent this by setting all WP files to 777 security, but that means no security, so I would highly advise against that. Just use FTP, it's the automatically advised workaround with good reason.
For me the the process that solved, to be able to work on my localhost using Ubuntu, was:
(of course you must replace myUser by your user, whoami show it for you if you dont know)
Include myself on www-data group (to be able to access and edit files without sudo):
sudo usermod -aG www-data myUser
Set myself and this group as files owners:
sudo chown -R myUser:www-data /var/www/html
Set a major permission for the group (the group must write too):
sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 775 {} \;
Then add this line on config.php
define('FS_METHOD', 'direct');
The easiest way to solve this problem is add the following FTP information to your wp-config.php
define('FS_METHOD', 'direct');
define('FTP_BASE', '/usr/home/username/public_html/my-site.example.com/wordpress/');
define('FTP_CONTENT_DIR', '/usr/home/username/public_html/my-site.example.com/wordpress/wp-content/');
define('FTP_PLUGIN_DIR ', '/usr/home/username/public_html/my-site.example.com/wordpress/wp-content/plugins/');
FTP_BASE is the full path to the "base"(ABSPATH) folder of the WordPress installation
FTP_CONTENT_DIR is the full path to the wp-content folder of the WordPress installation.
FTP_PLUGIN_DIR is the full path to the plugins folder of the WordPress installation.
We had the same problem as part of a bigger problem. The suggested solution of
define('FS_METHOD', 'direct');
hides that window but then we still had problems with loading themes and upgrades etc. It is related to permissions however in our case we fixed the problem by moving from php OS vendor mod_php to the more secure php OS vendor FastCGI application.
First move to your installation folder (for example)
cd /Applications/XAMPP/xamppfiles/
Now we’re going to modify your htdocs directory:
sudo chown -R daemon htdocs
Enter your root password when prompted, then finish it out with a chmod call:
sudo chmod -R g+w htdocs
I was facing the same problem!
I've added the code below in wp-config.php file (in any line) and it's working now!
define('FS_METHOD', 'direct');
define('FS_METHOD', 'direct');
Add this to wp-config.php
If the issue still persist , you can try setting permission of plugin folder to 755
Or in linux you can set it by this command
Chmod -R 755
As mentioned by Niels, this happens because the server process user can't write to the Wordpress folder.
But here's the thing a lot of articles don't explain. It's the owner of the php process, not the nginx process. If you try to change the nginx owner, it won't solve this.
To solve it, try running ps aux to see which user owns the php-fpm process. Then check that user is the same user as the owner of the wordpress folder, or can at least write to it. If the user can't write to it, you'll need to change permissions and/or ownership of the folder; or put the two users (server owner and wordpress folder owner) in a common group which can write to the folder; or change php.ini "user" property to a user that can write to the folder.
Changing the ownership of the files worked but only after I logged out of my wordpress website and logged in again. I also restarted the Apache server, but that may not be necessary.