Table of contents
We refer to the Magento file system owner as a user who owns and can write to files in the Magento file system. The Magento file system owner is sometimes referred to as the command-line user.
Each owner has different permissions on file reading/writing in order to prevent issues related to unauthorized people or processes doing potentially harmful things to your system.
Overview of Ownership and Permissions in Magento
Before you install Magento 2, remember to set read-write file permissions for the web server group. This is necessary so the Setup Wizard or command line can write files to the Magento file system.
The procedure you use is different, depending on whether you use shared hosting and have one user or if you use a private server and have two users.
1. Private Hosting
Step 1: Set up system owners
- Use the following command to create a user with root authorities:
adduser <username>
- Use the following command to create a user password with root authorities:
passwd <username>
Step 2: Detect the web server user group
To detect the apache use, type:
-ps aux | grep apache
-groups <apache user> for the group
Usually, you should see both the user name and the group name as www-data
Step 3: Set the file system owner in the web server group
usermod -g www-data <username>
Then, make sure that your user is a member of the web server group:
groups <user name>
Step 4: Set ownership and permissions for Magento
Before the Magento 2 installation, remember to set your ownership and permissions
- Log in to your Magento server and switch mode to Magento file system owner.
- Use the following commands
cd <your Magento install dir> find var vendor pub/static pub/media app/etc -type f -exec chmod g+w {} \; find var vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} \; chown -R :<web server group> chmod u+x bin/magento
Use the following commands and assume Magento is set in/var/www/html/magento2 and the web server group name is apache:
cd /var/www/html/magento2 && find var vendor pub/static pub/media app/etc -type f -exec chmod g+w {} \; && find var vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} \; && chown -R :apache . && chmod u+x bin/magento
You might need to use the following command as a user with root authorities since in the event, the Magento file system permissions are set incorrectly and impossible to be modified by the Magento file system owner:
cd /var/www/html/magento2 && sudo find var vendor pub/static pub/media app/etc -type f -exec chmod g+w {} \; && sudo find var vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} \; && sudo chown -R :apache . && sudo chmod u+x bin/magento
2. Shared Hosting
Remember the login to your Magento server with the same user running the web server.
1. Set up one owner for default or developer mode
In default or developer mode, the user needs to have access to write the following directories:
- Vendor
- app/etc
- pub/static
- Var
- Any other static resources
- var/generation
- var/di
- var/view_preprocessed
Both the command line and a file manager application which is provided by your shared hosting provider can be applied to set these permissions.
2. Set up one owner for production mode
Write access from files should be removed in the below directories for better security when you are ready to proceed your site to production:
- Vendor
- app/code
- app/etc
- pub/static
- Any other static resources
- var/generation
- var/di
- var/view_preprocessed
All of the preceding directories must be read-write so as to update component, install new components, or to upgrade the Magento software.
Make code files and directories read-only
To remove writable permissions to files and directories from the web server user’s group, follow these steps below:
- First, you need to login to your Magento server.
- And then, navigate to your Magento installation directory.
- Next up, you need to enter the following command to change to production mode:
php bin/magento deploy:mode:set production
- Then, enter the following command:
find app/code pub/static app/etc var/generation var/di var/view_preprocessed vendor \( -type f -or -type d \) -exec chmod u-w {} \; && chmod o-rwx app/etc/env.php && chmod u+x bin/magento
Make code files and directories writable:
You can update components and upgrade the Magento software so as to make files and directories writable
- First, you need to login to your Magento server.
- Next, change to your Magento installation directory.
- And then, enter the followings:
chmod -R u+w
Hope this helps!
Further Reading:
Magento 2 Developer Mode: The Ultimate Guide
Magento 2 System Requirements
Magento 2 “Invalid Form Key”