Title: WordPress Server Permissions
Last modified: August 21, 2016

---

# WordPress Server Permissions

 *  [Jason Adams](https://wordpress.org/support/users/jason_the_adams/)
 * (@jason_the_adams)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/)
 * Greetings!
 * I’ve been fighting this for a couple months now, so it’d be really awesome if
   someone could help me figure out.
 * What I’m trying to accomplish is to have the owner of a directory and its contents
   be something other than the server user (in this case www-data), yet still allow
   the server to read/write to said directory. Here’s what I’ve tried:
    1. Add the user to the www-data group
    2. Set all files/folders chown to user:www-data
    3. Set all directories to 775 permission
    4. Set all files to 664 permission
 * This almost works. For some crazy reason though I still cannot install/update
   plugins or the wordpress core — any moment wherein www-data would need to create
   a directory and create/modify/delete files. If, however, I chown www-data -R 
   the entire directory, it works. This absolutely baffles me!
 * I’m also gone the ACL route:
    1. Install acl, add to fstab, remount
    2. Setfacl -Rdm g:www-data:rwx wordpress/
    3. Find wordpress/ -type f -exec setfacl -m g:www-data:rw {} \;
 * I even tried adding an acl for www-data as a user as well as a group. No difference.
 * I absolutely must be missing some simple permissions concept here. I actually
   got it to work on one site, but I have absolutely no idea why it worked on that
   one and not 4 others. Someone please shed some light on this! It’s driving me
   bonkers! Hahah!
 * Thank you!
 * P.S. The same problem occurs on either apache or nginx, so I’m sure it’s a permissions
   issue.

Viewing 11 replies - 1 through 11 (of 11 total)

 *  [Ractors](https://wordpress.org/support/users/ractors/)
 * (@ractors)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824422)
 * what is your php handler ?
 *  Thread Starter [Jason Adams](https://wordpress.org/support/users/jason_the_adams/)
 * (@jason_the_adams)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824505)
 * I believe FastCGI, is there a way for me to tell? I’m having trouble being sure.
 *  [Ractors](https://wordpress.org/support/users/ractors/)
 * (@ractors)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824553)
 * change folder permission to 777 and file permission to 666
 *  Thread Starter [Jason Adams](https://wordpress.org/support/users/jason_the_adams/)
 * (@jason_the_adams)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824565)
 * Er.. umm.. can you please elaborate more on your answer? That’s normally really
   bad advise. I would hope WordPress wouldn’t require fully open permissions like
   that.
 * If I had to do that, I’d rather change the owner to www-data.
 *  [Ovidiu](https://wordpress.org/support/users/ovidiu/)
 * (@ovidiu)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824566)
 * You seem to contradict yourself or am I reading this wrong?
 * > What I’m trying to accomplish is to have the owner of a directory and its contents
   > be something other than the server user (in this case www-data), yet still 
   > allow the server to read/write to said directory. Here’s what I’ve tried:
   > Add the user to the www-data group
   >  Set all files/folders chown to user:www-
   > data
 * You want i.e. user1 to own the web directory why then do you:
 * > Set all files/folders chown to user:www-data
 * If I get your right, you’d need to create a group that owns the web folder and
   add the user1 and www-data to that group, then make that group the owner of the
   web folder.
 *  Thread Starter [Jason Adams](https://wordpress.org/support/users/jason_the_adams/)
 * (@jason_the_adams)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824567)
 * I’ll admit, adding the user to the www-data group is redundant in the end, but
   I don’t think there’s a contradiction going on, but I think I get what you’re
   saying.
 * As I understood it, I’m providing the user access to the files by assigning them
   as the owner to the file. They inherit the permissions of the first octet.
 * The http server, on the other hand, has the user/group www-data, and it’s given
   access by assigning www-data as the group to the file. These permissions are 
   defined in the middle octet.
 * Therefore if I assign the owner as user:www-data and provide file/folder permissions
   as 664/775, respectively, that should provide ample access to both. In fact, 
   it should be the same.
 * Something is clearly wrong in my thinking, or something, though. What you’re 
   saying is that I’d need a third user/group and add both the initial user and 
   www-data user to that group? That just doesn’t sound right to me.
 *  [Ovidiu](https://wordpress.org/support/users/ovidiu/)
 * (@ovidiu)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824568)
 * LOL, I’M getting as confused as you. Let me explain what I use and what I understand
   from your request, maybe it helps.
 * on my machine the Control Panel I use, creates a user/group for each client.
   
   their web folder is owned by this user/group: i.e. webx:clientx my web server
   runs as www-data so obviously www-data needs to be part of the clientx group 
   to be able to write to the web folder.
 * Does that make more sense now to you?
 * ***just re-read your test***
 * > As I understood it, I’m providing the user access to the files by assigning
   > them as the owner to the file. They inherit the permissions of the first octet.
   > The http server, on the other hand, has the user/group www-data, and it’s given
   > access by assigning www-data as the group to the file. These permissions are
   > defined in the middle octet.
   > Therefore if I assign the owner as user:www-data and provide file/folder permissions
   > as 664/775, respectively, that should provide ample access to both. In fact,
   > it should be the same.
 *  Sounds al sound to me 🙂
 * Have you tried this:
 * chown -R user:www-data web/
    chmod -R 775 web/
 * I know its bit more perms as you initially wanted but just give it a try and 
   then try and maybe adjust to what you want?
 *  [Ractors](https://wordpress.org/support/users/ractors/)
 * (@ractors)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824569)
 * Don’t you need to change group of directory to www-data
 *  Thread Starter [Jason Adams](https://wordpress.org/support/users/jason_the_adams/)
 * (@jason_the_adams)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824570)
 * Hahah! Thanks for clearing that up for me, Ovidu. 🙂
 * > chown -R user:www-data web/
   >  chmod -R 775 web/
 * Yup, I’ve tried exactly that.
 * But it sounds like you’re doing the inverse of what I’m doing. You’re assigning
   www-data to the clientx group, and leaving the user/group for their files as 
   clientx:clientx. While this makes sense, it doesn’t sound as secure. That would
   mean, assuming you’re granting access to your user’s home directory and they 
   have a www or public_html folder therein, that apache/nginx actually has access
   to _every_ folder/file within their home directory, rather than just their www/
   public_html directory.
 * Still, I wonder if there is something different to the way you’re doing it. Hmm..
   🙂
 *  [Ovidiu](https://wordpress.org/support/users/ovidiu/)
 * (@ovidiu)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824571)
 * [@jason](https://wordpress.org/support/users/jason/): no idea why you’re having
   probs if you did just that. Btw. I only have these perms on the www or web or
   public_html folder …
 *  Thread Starter [Jason Adams](https://wordpress.org/support/users/jason_the_adams/)
 * (@jason_the_adams)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824572)
 * > no idea why you’re having probs if you did just that.
 * Me either. 🙁
 * But, like I said, if I change the user to www-data (chown www-data web/ -R), 
   all the problems go away. There has to be one stupid thing I’m not doing! Argh!
   Hahah!

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘WordPress Server Permissions’ is closed to new replies.

## Tags

 * [acl](https://wordpress.org/support/topic-tag/acl/)
 * [apache](https://wordpress.org/support/topic-tag/apache/)
 * [nginx](https://wordpress.org/support/topic-tag/nginx/)
 * [permissions](https://wordpress.org/support/topic-tag/permissions/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 11 replies
 * 3 participants
 * Last reply from: [Jason Adams](https://wordpress.org/support/users/jason_the_adams/)
 * Last activity: [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-server-permissions/#post-4824572)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics