So you want your WordPress or Joomla or (insert other CMS with web dashboard here) to work but you also want to upload things via FTP and it keeps messing up permissions?
Most likely you’re neither (a) on a shared host nor (b) using something like cPanel with suPHP as your PHP handler. In fact, you’re most likely running your own setup with the default DSO PHP handler, where PHP runs as the web server user rather than as your FTP user.
Now you could just give everything 777 permissions (stand by for a post on why this isn’t as bad as people have led you to believe but I still recommend against it!) or you could do the smart thing and make a group!
I’m going to show you how I typically work around this problem for my clients and myself, with a group!
Remove ACLs that could interfere
setfacl -Rb /home/admin/sites/
I find a lot of weird things on servers where people have been “playing” around to get permissions that work. You can ignore this step if you have never used setfacl before. This clears what’s there: -R is recursive and -b removes all extended ACL entries.
Change directories and files to be group readable / writable
Another common issue I find is that by the time I’ve been asked to help, my client has given up and made everything 777 but then got freaked out when they heard 777 is WORLD WRITABLE (AHHHH!! OMG!! Okay that’s true but the ‘world’ ends at the server level). I always set folders and files back to 775 and 664.
I use 775 and 664 rather than 755 and 644 because we’re giving “group” some elevated permissions rather than just the user.
find /home/admin/sites/ -type d -print0 | xargs -0 chmod 0775
find /home/admin/sites/ -type f -not -name "*.pl" -not -name "*.cgi" -not -name "*.sh" -print0 | xargs -0 chmod 0664
Set up the group and set permissions
Then I create a “www” group. You’ll also often see “www-data” or, on shared hosts, some group related to your account number. This group holds all the users that need access to your files, in this example “admin” (as my FTP user) and “apache” as my Apache web server user.
Also, at the end, I grant the group +s.
On the group, +s sets the setgid bit, which is what makes the group “sticky”: a new file or folder takes the group of its parent directory. So regardless of whether “admin” or “apache” edits a file or creates a new file in the folder, the group will always remain “www”.
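# Create the shared group first (skip this line if it already exists)
groupadd www
# New group membership only applies to new sessions: restart Apache and log the FTP user in again
usermod -a -G www admin
usermod -a -G www apache
chgrp -R www /home/admin/sites/
chmod -R g+ws /home/admin/sites/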
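To confirm the tree really ended up in the state described above (shared group everywhere, directories group-writable with setgid, files group-writable, nothing left world-writable), a check like the following can be run. It is an added example, not part of the original post; the function name audit_site_perms and its output labels are made up for this illustration.

```sh
#!/bin/sh
# Added example: audit a site tree against the group scheme in this post.
# Usage: audit_site_perms <root> <group>
# Prints one "<label> <path>" line per problem and returns 1 if any are found.
audit_site_perms() (
    root=$1
    group=$2
    findings=$(
        # 1. entries that do not belong to the shared group
        find "$root" ! -group "$group" -print | sed 's/^/wrong-group /'
        # 2. directories missing group rwx or the setgid bit,
        #    so new files inside would not inherit the group
        find "$root" -type d ! -perm -2070 -print | sed 's/^/dir-missing-g+rwxs /'
        # 3. regular files the group cannot both read and write
        find "$root" -type f ! -perm -0060 -print | sed 's/^/file-missing-g+rw /'
        # 4. world-writable files and directories left over from a 777 fix
        find "$root" \( -type d -o -type f \) -perm -0002 -print | sed 's/^/world-writable /'
    )
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)

# Example call, using the path and group from this post:
#   audit_site_perms /home/admin/sites/ www
```

No output and an exit status of 0 means the tree matches the scheme; any listed path needs its group or mode corrected.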
If you’re using WordPress…
Almost everything I post is centered around WordPress. I do a lot of work directly related to WordPress so it’s fitting I have handy instructions for such a scenario!
WordPress doesn’t check to see if it can actually write. It just checks to see if the USER is the same as the webserver user then degrades down to a prompt asking for FTP credentials so it can make the change.
The following lines, added to wp-config.php, make WordPress actually check the filesystem to see if it has the ability to manage the file (which it will through group permissions), and it will maintain permissions of 775 and 664 for folders and files, respectively. (The default for WordPress is 755 and 644.)
define( 'FS_METHOD', 'direct' );
define( 'FS_CHMOD_DIR', 0775 );
define( 'FS_CHMOD_FILE', 0664 );