Configure file ownership and permissions
This topic discusses how to set read-write permissions for the web server group before you install Adobe Commerce or Magento Open Source. This is necessary so the command line can write files to the file system.
The procedure you use is different, depending on whether you use shared hosting and have one user or if you use a private server and have two users.
Set permissions for one user on shared hosting
This section discusses how to set pre-installation permissions if you log in to the application server as the same user that also runs the web server. This type of setup is common in shared hosting environments.
To set permissions before you install the application:
- Log in to your application server.
- Use a file manager application provided by your shared hosting provider to verify that write permissions are set on the following directories:
  - vendor (Composer or compressed archive installation)
  - app/etc
  - pub/static
  - var
  - generated
  - Any other static resources
- If you have command-line access, enter the following commands in the order shown:
  cd <app_root>
  find var generated vendor pub/static pub/media app/etc -type f -exec chmod u+w {} +
  find var generated vendor pub/static pub/media app/etc -type d -exec chmod u+w {} +
  chmod u+x bin/magento
  To optionally enter all commands on one line, enter the following, assuming the application is installed in /var/www/html/magento2:
  cd /var/www/html/magento2 && find var generated vendor pub/static pub/media app/etc -type f -exec chmod u+w {} + && find var generated vendor pub/static pub/media app/etc -type d -exec chmod u+w {} + && chmod u+x bin/magento
- If you have not already done so, get the application in one of the following ways:
- After you have set file system ownership and permissions, install the application.
Set ownership and permissions for two users
This section discusses how to set ownership and permissions for your own server or a private hosting setup. In this type of setup, you typically cannot log in as, or switch to, the web server user. You typically log in as one user and run the web server as a different user.
To set ownership and permissions for a two-user system:
Complete the following tasks in the order shown:
About the shared group
To enable the web server to write files and directories in the file system but to also maintain ownership by the file system owner, both users must be in the same group. This is necessary so both users can share access to files (including files created using the Admin or other web-based utilities).
This section discusses how to create a file system owner and put that user in the web server’s group. You can use an existing user account if you wish; we recommend that the user have a strong password for security reasons.
Create the file system owner and give the user a strong password
This section discusses how to create the file system owner. (File system owner is another term for the command-line user.)
To create a user on CentOS or Ubuntu, enter the following command as a user with root privileges:
adduser <username>
To give the user a password, enter the following command as a user with root privileges:
passwd <username>
Follow the prompts on your screen to create a password for the user.
If you do not have root privileges on your application server, you can use another local user account. Make sure that the user has a strong password and continue with Put the file system owner in the web server group.
For example, to create a user named magento_user and give the user a password, enter:
sudo adduser magento_user
sudo passwd magento_user
Find the web server user group
To find the web server user’s group:
- CentOS:
  grep -E -i '^user|^group' /etc/httpd/conf/httpd.conf
  or
  grep -Ei '^user|^group' /etc/httpd/conf/httpd.conf
  Typically, the user and group name are both apache.
- Ubuntu:
  ps aux | grep apache
  to find the Apache user, then
  groups <apache user>
  to find the group.
  Typically, the username and the group name are both www-data.
Put the file system owner in the web server group
To put the file system owner in the web server’s primary group (assuming the typical Apache group name for CentOS and Ubuntu), enter the following command as a user with root privileges:
- CentOS:
usermod -a -G apache <username>
- Ubuntu:
usermod -a -G www-data <username>
The -a -G options are important because they add apache or www-data as a secondary group to the user account, which preserves the user’s primary group. Adding a secondary group to a user account helps restrict file ownership and permissions to ensure members of a shared group only have access to certain files.
For example, to add the user magento_user to the apache primary group on CentOS:
sudo usermod -a -G apache magento_user
To confirm that your user is a member of the web server group, enter the following command:
groups magento_user
The following sample result shows the user’s primary (magento) and secondary (apache) groups.
magento_user : magento_user apache
To complete the task, restart the web server:
- Ubuntu:
service apache2 restart
- CentOS:
service httpd restart
Get the software
If you have not already done so, get the software in one of the following ways:
Set ownership and permissions for the shared group
To set ownership and permissions before you install the application:
- Log in to your application server as, or switch to, the file system owner.
- Enter the following commands in the order shown:
  cd <app_root>
  find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} +
  find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} +
  chown -R :<web server group> .
  chmod u+x bin/magento
  To optionally enter all commands on one line, enter the following, assuming the application is installed in /var/www/html/magento2 and the web server group name is apache:
  cd /var/www/html/magento2 && find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} + && find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} + && chown -R :apache . && chmod u+x bin/magento
  In the event file system permissions are set improperly and can’t be changed by the file system owner, you can enter the command as a user with root privileges:
  cd /var/www/html/magento2 && sudo find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} + && sudo find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} + && sudo chown -R :apache . && sudo chmod u+x bin/magento
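To check the result of the commands above, the following added example (not part of the original documentation or of the application) audits an application root against the two-user scheme: group write on the six writable directories and their files, setgid on those directories, and the shared group on the whole tree. The function name audit_app_perms and the world-writable check are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit a tree against the two-user scheme described above.
# audit_app_perms is a hypothetical helper name, not an Adobe Commerce command.

WRITABLE_DIRS="var generated vendor pub/static pub/media app/etc"

# Usage: audit_app_perms <app_root> <web server group>
# Prints one finding per line; returns 0 only when nothing is reported.
audit_app_perms() {
  local app_root="$1" web_group="$2" findings
  findings=$(
    cd "$app_root" || { echo "cannot enter: $app_root"; exit 0; }
    existing=""
    for d in $WRITABLE_DIRS; do
      if [ -d "$d" ]; then existing="$existing $d"; else echo "missing dir: $d"; fi
    done
    if [ -n "$existing" ]; then
      # Directories need g+w plus setgid so new entries inherit the shared group.
      find $existing -type d ! -perm -2020 -exec echo "dir lacks g+ws:" {} \;
      # Files need g+w so the web server user can modify them.
      find $existing -type f ! -perm -020 -exec echo "file lacks g+w:" {} \;
    fi
    # chown -R :<group> . should have put the whole tree in the shared group.
    find . ! -group "$web_group" -exec echo "wrong group:" {} \;
    # Extra check beyond the page: the scheme never needs world-writable entries.
    find . ! -type l -perm -002 -exec echo "world-writable:" {} \;
    [ -x bin/magento ] || echo "not executable: bin/magento"
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Run the audit when the script is called with both arguments.
if [ "$#" -eq 2 ]; then audit_app_perms "$1" "$2"; fi
```

Run it as the file system owner, for example with /var/www/html/magento2 and apache as the two arguments; any line it prints names an entry that the commands in this section would correct.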
Switch to the file system owner
After you’ve performed the other tasks in this topic, enter one of the following commands to switch to that user:
- Ubuntu:
su <username>
- CentOS:
su - <username>
For example,
su magento_user