Setting permissions to WordPress to install plugins is preventing access through SSH

David Cabeza Source

I have read several ways to solve the problem of permissions in WordPress to install themes and plugins from the WordPress administration.

As I understand the problem is that the owner of the folder where WordPress is installed must be the user who manages the web server (read postdata). In my case with Apache and AWS, www-data.

However, by changing the owner to www-data (even just changing the group to this user), I lose SSH access to the server. In this case I had to ask the administrator of the entire server to access from its user and restore the owner and permissions of the folder.

I am using Amazon Web Services with Ubuntu 16.0.4 LTS where I have access to a main user and the installation of WordPress is located at the root of the user, i.e. /home/myuser/

I am accessing via SSH with a .pem key and with [email protected]

What can I do?

Thank you so much.

PD: WordPress in this guide says that the owner always has to be the ftp web server owner (i.e. myuser) and never the webserver, I agree.

wordpressamazon-web-servicesubuntussh

Answers

answered 10 months ago David Cabeza #1

I hate having to answer my own question but maybe I can help others solve problems easily and fast. This is what worked for me:

BEFORE DOING ALL OF THIS YOU SHOULD TAKE NOTE OF ALL PERMISSIONS, OWNERS AND GROUPS OF ALL THE FOLDERS & FILES WE ARE CHANGING HERE BECAUSE YOUR WEBSITE MAY FAIL AFTER CHANGING THESE SETTINGS. ALL HOSTS HAVE DIFFERENT CONFIGURATIONS.

As long as you don't exit the session, you may be able to return all the changes you have made with sudo privileges.


If your WordPress installation is in the root folder of the user, eg: /home/myuser/

Take note of permissions, owners and groups:

With ls command and the -a -l flags you can see all files using long listing format. Do this being in /home and /home/youruser/ paths.

cd /home    
ls -al
cd /home/youruser
ls -al

Copy the output and save it in some text file.

Prevent losing SSH access:

The owner of the folder must be the user you are accessing with.

sudo chown youruser /home/youruser/

I also have set the group of the folder myuser.

sudo chgrp youruser /home/youruser/

Set the permissions of this folder with 751 (I think the important thing here is that the owner has full access)

sudo chmod 751 /home/youruser/

The permissions for the hidden folder .ssh must be 700 for top folder, 600 for files inside the folder and the owner & group must be youruser

sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R youruser ~/.ssh/
sudo chgrp -R youruser ~/.ssh/

Solve Plugins & Theme installation problems:

I'm still unsure if this solution is right for site security. However, I think you can apply this fix and then return the changes. The website should run smoothly in both cases.

I have changed permissions for folders and files via sftp in Nautilus. If you are using .pem key remember to add the key using ssh-add path/to/your/key.pem then connect to the server sftp://[email protected]

Make multiple click in folders wp-content, wp-admin, wp-includes and do Right click -> Properties (or Ctrl + I), change to permission tab and click in the "Apply permissions to Enclosed files" button on the bottom of the window, set:

Files

  • Owner: Read and Write
  • Group: Read only
  • Others: Read only

Folders

  • Owner: Create and delete files.
  • Access to files.
  • Access to files.

This will apply the changes to files and folders inside these three folders selected. Depending on the speed of your internet and how much files do you have, this may take some minutes to finish.

Make multiple click in remaining files and do Right click -> Properties (or Ctrl + I), change to permission tab and set

  • Owner: Read and Write
  • Group: Read and Write
  • Others: Only Read

AND LAST

Change the owner and the group of all the WordPress installation files, i.e. all the files inside /home/youruser

sudo chown -R www-data wp*
sudo chgrp -R www-data wp*

This make changes for all the files that start with the "wp" word recursively. To remaining files, I have made the changes manually. There are better ways like find command but that changed hidden folders too so I decided to do manually.

Apply the corresponding changes to files to the .htaccess as well.

NOTE: Test your website. Access to it, access to your WordPress admin, try installing plugins and themes, open another terminal (DON'T CLOSE the one you were writing the commands) and try to SSH into your webserver. If you have problems use the backup and revert the process.

Hope this helps.

comments powered by Disqus