What is the minimum permissions to set the site files to, in order to allow apache2/php to execute code, show html/css/js, and for some files update settings download and install plugins.
The websites I am building are either Drupal or Wordpress.
I'd like to set permissions so that www-data has the minimum permissions and the admin (which is me for now) has permissions to allow him to do tasks from an SSH session without needing sudo.
[Edit]
I'd like to add that I have full access to the LAMP server via SSH. What I am after is the most restrictive and hence the most secure way to set user and group permissions, so in short:
What group
What owner
What permissions
For all site files for say a wordpress
In order to achieve
Apache can access the files and execute PHP
For some special files or folders the Wordpress should be able to change
The admin can easily change files without having to use sudo
Mostly the directory should have the permission set to 755. If you set it to 777 then the files can be written there. Files should be, at most, 664. If you use the WP editor, you might need these files to be 666 but you really should revert them back to 664 after making any changes. Never specify files greater than 666 unless specified.
Some hosting only allow uploads on 777 permission only avoid such and try contacting hosting for this.
See at https://codex.wordpress.org/Changing_File_Permissions
I am working on a WordPress website from 2 months and I have uploaded many images before but I am getting an error when uploading image and I am facing this issue after new year :- The uploaded file could not be moved to wp-content/uploads/2015/01.
there is Screenshot below:-
This article explains and resolves the issue very well: http://2surge.com/how-to-fix-the-uploaded-file-could-not-be-moved-to-wp-content-error-message
The basic premise is that the identity of the process running your httpd / apache / web server thread must have write access to your upload directory.
To resolve the issue:
Check which account your webserver is running under
Update: On Unix use...
ps aux | egrep '(apache|httpd)'
... this will show a list of processes for the web server along with the identity of the process under which its running e.g."nobody"
nobody 8718 0.1 0.4 1332864 17180 ? Sl 17:11 0:06 /usr/local/apache/bin/httpd -k start -DSSL
Update the permission of the upload directory to allow that account to write to it.
Update: On Unix, you can use...
chown -R nobody /<path to upload directory>/wp-content/upload/
You can also amend permissions for this account (at the rquired location) to ensure it has write permissions using chmod or filezilla and cascade the changes to the directories as necessary.
Check out the linked article for a detailed breakdown. Hope that helps! :)
This works for me.
$ sudo chown -R _www uploads/
$ sudo chmod -R g+w uploads/
I am assuming you are in the wp-content directory.
You just need to give permission to PHP to write in the uploads folder, this worked for me:
sudo chown -R www-data <path>/wp-content/uploads
I have searched and found that the problem is from server provider.
Typically, all files should be owned by your user (ftp) account on your web server, and should be writable by that account. On shared hosts, files should never be owned by the webserver process itself (sometimes this is www, or apache, or nobody user).
Any file that needs write access from WordPress should be owned or group-owned by the user account used by the WordPress (which may be different than the server account). For example, you may have a user account that lets you FTP files back and forth to your server, but your server itself may run using a separate user, in a separate usergroup, such as dhapache or nobody. If WordPress is running as the FTP account, that account needs to have write access, i.e., be the owner of the files, or belong to a group that has write access. In the latter case, that would mean permissions are set more permissively than default (for example, 775 rather than 755 for folders, and 664 instead of 644).
You can see here how to change file permission..
If you're using something with SELinux (like Fedora or CentOS), you'll also need to set SELinux permissions. Assuming that your directory is called uploads (for example)
chcon -R -t httpd_sys_rw_content_t uploads
This will set uploads and everything under it to be uploadable to the web server user
it probably doesn't have the permissions to create
/uploads/2015
Check if that folder exists, if it does, then check
if /uploads/2015/1/ exists.
permissions:
chmod 755 /uploads/2015/1/
chown www-data:www-data /uploads/2015/1/
These folders should have the same permissions as the /uploads/ folder.
Also check the error_log, because it should show you exactly what folder is causing the issue.
This works for me
sudo chown -R www-data html
Assuming current directory is www
Ubuntu 16.04, Apache2
I had this problem as well and found out it was because the hosting account's disk quota was exceeded.
I found that there was an old script that was logging errors and the error log had gotten so big it filled the available quota.
I finally figured it out when I attempted to create a new directory using FTP and the server response was "Disk quota exceeded."
I got this error on a cPanel hosting account, where the disk quota (for the account) was not an issue. After delving into it for a while, I found that cPanel's "Select PHP Version" tool was set to v7.1 but multiple WordPress diagnosis tools were detecting v5.6 was actually running, and they also detected file system issues.
The File Manager tool in cPanel showed all the permissions were correct, and the folders were writeable.
One of the diagnosis tools I used was part of the Wordfence plugin. It was available on the Dashboard menu at Wordfence > Tools > Diagnostics (tab).
I reported the issue to the hosting company, and it appeared to fix itself overnight (the person who responded to my support ticket indicated they didn't fix anything). I think it's likely it was a symptom of a problem that affected multiple hosting accounts, and somebody else within the hosting company probably detected it and fixed it.
In case others encounter a similar issue, I hope this answer helps them spend less time trying to track it down. Once I discovered the incorrect PHP version appeared to be running, I figured it was probably not something I could fix with only cPanel access.
This will happen when you migrate a WP site to a different server.
Problem is the ownership.
Run this in a terminal:
chown -R <site-user-name> /home/<site-directory>/public_html
z
There are multiple reason because of this such error arise.
Main problem is folder permission.
wp-content/upload/
Folder permission must be 775 or 664.
Other solution if the error not get resolved try below
Go to Cpanel and your website folder or by using FTP.
Then you will get wp-config.php {This file available on root folder}
In that do below change
Open the wp-config.php file and add the following code:
define( 'UPLOADS', 'wp-content/uploads' );
before below line
require_once(ABSPATH . 'wp-settings.php');
I hope this will help. It's help me on Plesk Hosting.
This solution is only for those who use the cPanel control panel, and you must test this for other panels like aaPanel, Directadmin and others ...
Be sure to take a snapshot/checkpoint from your server before making changes.
Install the mod_suphp module through Easy Apache.
After installation from the MultiPHP Manager section:
Select suphp from the drop-down menu under the PHP Handler column
And finally, apply the changes.
Test again and if necessary type the following commands:
/usr/local/cpanel/bin/rebuild_phpconf –current
Open you xampp
Click on explore
Double click on folder of your project
Click on "Get Info" in options list
Unlock the locker in the right bottom side by entering your password
Then change permissions to read and write
MOST IMPORTANT POINT, remember to click on the bottom left conner dropdown and select Apply to all
There it will work.
Watch how it is done in this video
Thank me later How to fix xampp permission problem on mac
Changing directory permission to 777 helped me.
I am developing an application which is having 2 servers. The first one is Web Server, where I save my PHP files and another one is File Server where I am storing all the files uploaded by the user.
I want to assign the write permission to directory at runtime so that I can upload the file and after uploading the file I need to change its permission to its previous state.
When I tried chomod(FILE_PATH, 0755). It shows me an error. Assign write permission as root. I have the administrator level credentials of File Server.
What I want is to "Grant permission 777 to the directory by logging in as root at runtime"
Kindly help if there is any code sample available. Thanks in Advance.
You do NOT want to have your server logging in as root. Let me say that again. You really do NOT want your webserver to be logged on as root. If you did that, anyone that got control of PHP could do anything at all on the server. It is seriously unadvisable.
What you want to do is change the owner of the folder to either be the webserver, or assign it into the same group so that the webserver can happily change your folder options and the like.
You can use sudo chown username somedir to change the owner. This article might also help clear up permissions for you.
Edit: Try this blog post for a fairly good broad-ranging article on linux permissions.
In my application, I have provided facility to upload images. But when someone uploads images then it uploaded to server with default permissions 600 and with user www-data. My FTP username is different its say uvideo.
As images are uploaded with default www-data, so when I am trying to change or delete them via FTP, then its not working.
I want them to be uploaded with username and group as uvideo? Is it possible in php?
Or if not then is there any possibility to achieve the same via server, I am using Ubuntu LAMP setup.
Please help, thanks!
PHP has a command chown but you can't use it unless your web server is running as root which you should never do
Attempts to change the owner of the file filename to user user. Only the superuser may change the owner of a file.
There is also chgrp but you limited to changing the group to only groups the web user is able to.
You can however use chmod to make the file writeable by your ftp user account.
You could also, add your ftp user to the same group as your web user and and set group write permissions chmod 0775
I have checked out articles and tutorials.
I don't know what to do about the security of my picture upload-folder.
It is pictures for classifieds which should be uploaded to the folder.
This is what I want:
Anybody may upload images to the folder.
The images will be moved to another folder, by another php-code later on (automatic).
Only I may manually remove them, as well as another php file on the server which automatically empties the folder after x-days.
What should I do here?
The images are uploaded via a php-upload script.
This script checks to see if the extension of the file is actually a valid image-file.
When I try this:
chmod 755 images
the images wont be uploaded.
But like this it works:
chmod 777 images
But 777 is a security risk right?
Please give me detailed information...
The Q is, what to do to solve this problem, not info about what permissions there are etc etc...
Thanks
If you need more info let me know...
You have to make sure the upload folder is owned by apache or whoever user is as which the http server is started.
Alternatively you can use 775 owned by the UID who will be collecting the files and with as gid the group id as which the webserver is started.
There are of course variations on these themes.
As long as the webserver user or webserver group has permission to write in the folder, it will be fine for uploading.
There are all kind of cornercases, but then we'll need more info about your setup.
0 No Permissions (the user(s) cannot
do anything)
1 Execute Only (the user(s) can only
execute the file)
2 Write Only (the user(s) can only
write to the file)
3 Write and Execute Permissions
4 Read Only
5 Read and Execute Permissions
6 Read and Write Permissions
7 Read, Write and Execute Permissions
First number = OWNER
Second number = GROUP
Third number = OTHER USERS
One possibility for why it only works with 777 permissions might be if you are running SELinux. It's possible that it is preventing the write. I would have thought though that it would have prevented it even with the 777 permsissions but I'm no SELinux expert.
Every newbie mix users up. :)
You just have to distinguish OS user and website user.
The latter one has nothing to do with OS permissions.
For the OS users you have given 2 of them:
FTP user, owner of the files, uploaded via FTP
webserver user, owner of the files uploaded via browser.
Site user, who have no direct access to any files at all.
So, in case both these users are the same, you have no worry about.
But usually these are different users. So, one has no access to other's files unless directories has 777 and files 755.
That's why you have to set 777 for directories.
As we have learned above that website users has nothing to do with os permissions, you should not worry about security. 777 is ok.