I'm not incredibly familiar with how to properly setup permissions. Currently we sudo everything on the server because otherwise we don't have permission. I just got FTP up and running and I don't have permission to create a directory within a wordpress installation. I'm noticing everything there is...

-rw-r--r-- 1 root root
drwxr-xr-x 7 root root

I know I shouldn't be able to change root files, but why does root own everything? The server guy that used to be here and set all this up is gone. Is this the best way or should we have a "webdev" group or something?

  • 3,630
  • 17
  • 62
  • 93

2 Answers2


You definitely want a group for this. I would configure a group for FTP access. Put the users in a group that you want to use for FTP users, and then I suggest the following (assuming the FTP group is called FTP and the base data directory is /ftpdata - change these as needed):

chown -R nobody:ftp /ftpdata
find /ftpdata -type f -exec chmod 664 {} \;
find /ftpdata -type d -exec chmod 2775 {} \;

Here's what you're doing...

chown -R nobody:ftp /ftpdata

This sets the owner to nobody and the group to ftp for every file and directory below /ftpdata.

find /ftpdata -type f -exec chmod 664 {} \;

This command sets every file below /ftpdata to be mode 664, that is read-write for the owner and group, and read-only for everyone else.

find /ftpdata -type d -exec chmod 2775 {} \;

This command sets every directory below /ftpdata to 2775, that is read-write-and-execute for the owner and group, and read-execute for the world, plus any new files created in any of those directories will be owned by the ftp group.

The 2 in 2775 is "Set Group ID" - whenever a new file is created in a directory with that bit set, it makes the group of that file the same as the group that owns the directory. Without that, a user who's primary group is not the ftp group will create files that are owned by another group, and may not be accessible by other members of the group.

  • 2,423
  • 18
  • 17
  • I did `id user` and it shows "1003(web-dev),1007(ftp)" so should I use 7 or 1007 instead of the 2? – Ben Jul 07 '10 at 20:28
  • No, the 2 I'm referring to is part of the permissions, it has nothing to do with who owns the directory. Read the chmod man page, it will make more sense. The first octal digit can be a combination of 4 (Set User ID), 2 (Set Group ID), or 1 (Sticky). These change the way the directory or file operates in specific ways beyond the normal permission modes. – baumgart Jul 09 '10 at 00:29
  • How can I setup the server so that it gives the files these permissions automatically via VSFTPD ? – Ben Oct 10 '10 at 22:45

Root SHOULDNT own everything.

Create a group, add your FTP users to the group.

Give the directories and files you want the proper permissions. This command will make the directories and files readable and writeable by the owner and the group, and readable by the world.

chmod -R 764 /the/path/to/files

Google 'Unix File Permissions' and/or 'chmod' for further explanation if this doesn't help.

  • 276
  • 3
  • 11