Setting up permissions for WordPress on Amazon EC2 (Amazon Linux)

I set up WordPress on an Amazon EC2 instance. It’s using Amazon Linux and is a standard setup (just php5 and mysql).

WordPress works fine, but there are some permission issues. Specifically, I can’t upload media, update permalink, plugins, etc. I have no write permission under the ec2-user, and because I uploaded all the files over WinSCP the current owner is ec2-user.

My question is what’s the best way to correct this issue? I could probably fix it by changing ownership of all folders/files to root, but that’s not a very elegant or dynamic solution.

The path to my web directory is /var/www/html. Can I allow the ec2-user the correct permissions? Perhaps by having a group that both the Apache user and ec2-user share?

Any ideas would be appreciated

5 comments

  1. See http://blog.david-jensen.com/development/wordpress-amazon-ec2-apache-permissions-wordpress/ among other Google results. He looks to have had good luck:

    I have been doing my best to figure out the Amazon EC2 Apache setup of
    permissions to enable WordPress to be able to manage all of the files
    on my Amazon EC2 instance without WordPress asking for FTP permissions
    when I try to upload a plugin or theme via the Admin site. I ended up
    having to give file and group ownership of the files in my html folder
    to apache user for WordPress to run correctly.
    http://www.chrisabernethy.com/why-wordpress-asks-connection-info/ and
    its comments helped me reach this conclusion.

    From the webpage:

    Run

    sudo chown -R apache:apache /vol/html
    

    I then set permissions to what the hardening WordPress guide recommends for my html root as all my WordPress files are there as I am running MultiSite with multiple domains.

    find /vol/html/ -type d -exec chmod 755 {} \;
    find /vol/html/ -type f -exec chmod 644 {} \;
    

    As apache doesn’t have a login I feel this is worth the risk though there is probably a better way to do this. I then added ec2-user to the apache group and changed the permissions of the wp-content folder to have group write permission 775.

    sudo usermod -a -G apache ec2-user
    sudo chmod -R 775 /vol/html/wp-content
    

    This allows FileZilla or any other program logged in as ec2-user the ability to change files and folders in the wp-content folder only. If anyone has a better way of doing this I would like to know. I am only using SSH and SFTP to access the server with key files.

  2. I set the owner to ec2-user:apache, then perform the hardening, then adjust the group read+write permissions for the folders.

    sudo chown -R ec2-user:apache /vol/html
    sudo chmod -R 755 /vol/html
    
    sudo find /vol/html/ -type d -exec chmod 755 {} \;
    sudo find /vol/html/ -type f -exec chmod 644 {} \;
    
    sudo chgrp -R apache /vol/html
    sudo chmod -R g+rw /vol/html
    sudo chmod -R g+s /vol/html
    

    Then edit /wordpress-install/wp-config.php and define the fs_method

    define('FS_METHOD', 'direct');
    

    Now WordPress can update/upload, etc. And you can still SFTP files without changing the permissions every time.

  3. I tried the solution provided in the answer by @markratledge for my AWS EC2 instance (Amazon Linux).

    WordPress(apache) was good, but SFTP(ec2-user) was giving permission errors.

    Then I tried the following:

    I added ec2-user to the apache group:

    usermod -a -G apache ec2-user
    

    Next I set ‘apache’ as owner group and ‘ec2-user’ as owner user for the WordPress installation directory (/var/www/html in my case):

    # chown takes user:group, so this makes ec2-user the owner and apache the group
    chown -R ec2-user:apache /var/www/html
    

    Finally, WordPress was happy and I could SFTP too. Thanks!

  4. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hosting-wordpress.html

    To fix file permissions for the Apache web server

    Some of the available features in WordPress require write access to
    the Apache document root (such as uploading media through the
    Administration screens). The web server runs as the apache user, so
    you need to add that user to the www group that was created in the
    LAMP web server tutorial.

    Add the apache user to the www group.

    [ec2-user wordpress]$ sudo usermod -a -G www apache

    Change the file ownership of /var/www and its contents to the apache
    user.

    [ec2-user wordpress]$ sudo chown -R apache /var/www

    Change the group ownership of /var/www and its contents to the www
    group.

    [ec2-user wordpress]$ sudo chgrp -R www /var/www

    Change the directory permissions of /var/www and its subdirectories
    to add group write permissions and to set the group ID on future
    subdirectories.

    [ec2-user wordpress]$ sudo chmod 2775 /var/www
    [ec2-user wordpress]$ find /var/www -type d -exec sudo chmod 2775 {} \;

    Recursively change the file permissions of /var/www and its
    subdirectories to add group write permissions.

    [ec2-user wordpress]$ find /var/www -type f -exec sudo chmod 0664 {} \;

    Restart the Apache web server to pick up the new group and
    permissions.

    [ec2-user wordpress]$ sudo service httpd restart
    Stopping httpd: [ OK ]
    Starting httpd: [ OK ]
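
Added example, not part of any answer above or of the AWS documentation: a read-only audit to run after applying one of the shared-group schemes on this page. It reports world-writable entries, directories that lost setgid, and files that picked up setgid or execute bits from a recursive `chmod -R 755` or `chmod -R g+s`. The function names and the sample tree are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit a docroot after applying the shared-group scheme
# (dirs 2775, files 0664). All function names are this example's own.

# Entries any local user can write to (symlinks excluded).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Directories missing setgid: new files there would not inherit the group.
dirs_without_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Regular files with setuid/setgid or any execute bit, the usual leftovers
# of a recursive "chmod -R 755" or "chmod -R g+s".
files_with_extra_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 -o -perm -0100 \
        -o -perm -0010 -o -perm -0001 \) -print
}

# Print each finding prefixed by its check; return 0 only for a clean tree.
audit_docroot() {
    rc=0
    for check in world_writable dirs_without_setgid files_with_extra_bits; do
        out=$("$check" "$1")
        if [ -n "$out" ]; then
            rc=1
            printf '%s\n' "$out" | sed "s|^|$check: |"
        fi
    done
    return "$rc"
}

# Constructed sample tree standing in for /var/www; prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/html/wp-content/uploads"
    : > "$t/html/index.php"
    : > "$t/html/wp-content/uploads/a.png"
    chmod 2775 "$t" "$t/html" "$t/html/wp-content" "$t/html/wp-content/uploads"
    chmod 0664 "$t/html/index.php" "$t/html/wp-content/uploads/a.png"
    printf '%s\n' "$t"
}

# Audit the path given on the command line, e.g. sh audit.sh /var/www
if [ "$#" -eq 1 ]; then
    audit_docroot "$1"
fi
```

A non-zero exit status means at least one finding was printed, so the script can gate a deployment step or a cron check.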

  5. I came across this question searching for the answer. I set all ownership and group ownership to Apache. However, if I want to upload something via FTP, I have to SSH in, change permissions to ec2-user, upload the file, and change it back. I figured it was a small price to pay to have the permissions set to WordPress’s recommended settings.