• Jason Adams

    (@jason_the_adams)


    Greetings!

    I’ve been fighting this for a couple months now, so it’d be really awesome if someone could help me figure it out.

    What I’m trying to accomplish is to have the owner of a directory and its contents be something other than the server user (in this case www-data), yet still allow the server to read/write to said directory. Here’s what I’ve tried:

    1. Add the user to the www-data group
    2. Set all files/folders chown to user:www-data
    3. Set all directories to 775 permission
    4. Set all files to 664 permission

    This almost works. For some crazy reason though I still cannot install/update plugins or the WordPress core — any moment wherein www-data would need to create a directory and create/modify/delete files. If, however, I chown www-data -R the entire directory, it works. This absolutely baffles me!

    I’ve also gone the ACL route:

    1. Install acl, add to fstab, remount
    2. setfacl -Rdm g:www-data:rwx wordpress/
    3. find wordpress/ -type f -exec setfacl -m g:www-data:rw {} \;

    I even tried adding an acl for www-data as a user as well as a group. No difference.

    I absolutely must be missing some simple permissions concept here. I actually got it to work on one site, but I have absolutely no idea why it worked on that one and not 4 others. Someone please shed some light on this! It’s driving me bonkers! Hahah!

    Thank you!

    P.S. The same problem occurs on either apache or nginx, so I’m sure it’s a permissions issue.

Viewing 11 replies - 1 through 11 (of 11 total)
  • what is your php handler ?

    Thread Starter Jason Adams

    (@jason_the_adams)

    I believe FastCGI, is there a way for me to tell? I’m having trouble being sure.

    change folder permission to 777 and file permission to 666

    Thread Starter Jason Adams

    (@jason_the_adams)

    Er.. umm.. can you please elaborate more on your answer? That’s normally really bad advice. I would hope WordPress wouldn’t require fully open permissions like that.

    If I had to do that, I’d rather change the owner to www-data.

    You seem to contradict yourself or am I reading this wrong?

    What I’m trying to accomplish is to have the owner of a directory and its contents be something other than the server user (in this case www-data), yet still allow the server to read/write to said directory. Here’s what I’ve tried:

    Add the user to the www-data group
    Set all files/folders chown to user:www-data

    You want i.e. user1 to own the web directory why then do you:

    Set all files/folders chown to user:www-data

    If I get you right, you’d need to create a group that owns the web folder and add the user1 and www-data to that group, then make that group the owner of the web folder.

    Thread Starter Jason Adams

    (@jason_the_adams)

    I’ll admit, adding the user to the www-data group is redundant in the end, but I don’t think there’s a contradiction going on, but I think I get what you’re saying.

    As I understood it, I’m providing the user access to the files by assigning them as the owner to the file. They inherit the permissions of the first octet.

    The http server, on the other hand, has the user/group www-data, and it’s given access by assigning www-data as the group to the file. These permissions are defined in the middle octet.

    Therefore if I assign the owner as user:www-data and provide file/folder permissions as 664/775, respectively, that should provide ample access to both. In fact, it should be the same.

    Something is clearly wrong in my thinking, or something, though. What you’re saying is that I’d need a third user/group and add both the initial user and www-data user to that group? That just doesn’t sound right to me.

    LOL, I’m getting as confused as you. Let me explain what I use and what I understand from your request, maybe it helps.

    On my machine, the control panel I use creates a user/group for each client.
    Their web folder is owned by this user/group:
    i.e. webx:clientx
    My web server runs as www-data, so obviously www-data needs to be part of the clientx group to be able to write to the web folder.

    Does that make more sense now to you?

    ***just re-read your test***

    As I understood it, I’m providing the user access to the files by assigning them as the owner to the file. They inherit the permissions of the first octet.

    The http server, on the other hand, has the user/group www-data, and it’s given access by assigning www-data as the group to the file. These permissions are defined in the middle octet.

    Therefore if I assign the owner as user:www-data and provide file/folder permissions as 664/775, respectively, that should provide ample access to both. In fact, it should be the same.

    Sounds all sound to me

    Have you tried this:

    chown -R user:www-data web/
    chmod -R 775 web/

    I know it’s a bit more perms than you initially wanted, but just give it a try and then try and maybe adjust to what you want?

    Don’t you need to change the group of the directory to www-data?

    Thread Starter Jason Adams

    (@jason_the_adams)

    Hahah! Thanks for clearing that up for me, Ovidu.

    chown -R user:www-data web/
    chmod -R 775 web/

    Yup, I’ve tried exactly that.

    But it sounds like you’re doing the inverse of what I’m doing. You’re assigning www-data to the clientx group, and leaving the user/group for their files as clientx:clientx. While this makes sense, it doesn’t sound as secure. That would mean, assuming you’re granting access to your user’s home directory and they have a www or public_html folder therein, that apache/nginx actually has access to every folder/file within their home directory, rather than just their www/public_html directory.

    Still, I wonder if there is something different to the way you’re doing it. Hmm..

    @jason: no idea why you’re having probs if you did just that. Btw. I only have these perms on the www or web or public_html folder …

    Thread Starter Jason Adams

    (@jason_the_adams)

    no idea why you’re having probs if you did just that.

    Me either.

    But, like I said, if I change the user to www-data (chown www-data web/ -R), all the problems go away. There has to be one stupid thing I’m not doing! Argh! Hahah!
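
Added example, not part of any post in this thread: a POSIX shell audit that lists every entry under a web root that deviates from the user:www-data, 775/664 scheme described in the first post, and separately flags world-writable entries such as the 777/666 suggestion would create. The function name `audit_tree` and its three arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit a web root against the owner:group 775/664 scheme.
# Usage: ./audit.sh <dir> <owner> <group>
#   e.g. ./audit.sh wordpress/ user www-data   (names taken from the thread)

# Print one "REASON<TAB>path" line per entry that deviates from the scheme.
# Prints nothing when every entry matches.
audit_tree() {
    at_dir=$1
    at_owner=$2    # user name or numeric uid expected to own everything
    at_group=$3    # group name or numeric gid the web server runs under

    # Entries not owned by the intended user, or not in the intended group.
    find "$at_dir" ! -user "$at_owner" \
        -exec printf 'wrong-owner\t%s\n' {} +
    find "$at_dir" ! -group "$at_group" \
        -exec printf 'wrong-group\t%s\n' {} +

    # Directories need group rwx (070): the group must be able to create,
    # rename and delete entries, which is what plugin/core updates do.
    find "$at_dir" -type d ! -perm -070 \
        -exec printf 'dir-not-group-rwx\t%s\n' {} +

    # Files need group rw (060) so the group can modify them in place.
    find "$at_dir" -type f ! -perm -060 \
        -exec printf 'file-not-group-rw\t%s\n' {} +

    # World-writable entries (the 777/666 approach) are reported separately;
    # symlinks are skipped because their own mode bits are not meaningful.
    find "$at_dir" ! -type l -perm -002 \
        -exec printf 'world-writable\t%s\n' {} +
}

# Run the audit only when called with the three expected arguments.
if [ "$#" -eq 3 ]; then
    audit_tree "$1" "$2" "$3"
fi
```

An empty result means ownership and mode bits match the scheme; it says nothing about ACL entries or about any checks the application performs itself.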

  • The topic ‘WordPress Server Permissions’ is closed to new replies.