
I have a WordPress installation on my first VPS, and an ownership problem between the www-data user and a user I created (let's call it user1) to use for login (I disabled root login).

I use user1 for FTP, but I can't overwrite the files owned by www-data. If I chown all files to user1, I can overwrite them, but WordPress is not able to install or delete anything from the dashboard until I return ownership to www-data.

How can I have both? An FTP user that's capable of writing and overwriting files, and being able to add, remove, and update plugins from the dashboard?

Thanks in advance!

user207799

1 Answer


In general it's bad security practice to make web files writeable by the web server, since a user who compromises the web server can then change any of the web files.

The best practice is to make the web files owned and writeable by a different user, say user1, and readable but not writeable by www-data. Now for the WordPress plugins directory, you can either make just that one directory writeable by www-data all of the time, or better, leave it read-only until you need to install a plugin, then make it writeable, install the plugin, and remove the write permission again.

To make the directory writeable by www-data while still being owned by user1, you have a few options:

  1. Add www-data to the group that owns the web files, and make the files group writeable, for example:

    adduser www-data webdev
    chgrp -R webdev "$plugindir"
    chmod -R g+w "$plugindir"
    
  2. Add an ACL to allow it:

    setfacl -R -m u:www-data:rwX "$plugindir"
    
Andrew Schulman
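The "make it writeable, install the plugin, and remove the write permission again" cycle from the answer above, as an added example that is not part of the original answer. It assumes option 1 is already in place (the plugin tree is group-owned by the group www-data was added to); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: grant-and-revoke helpers for the group-write option.
# Assumption: "$plugindir" is already group-owned by www-data's group
# (the answer's "webdev"), so only the g+w bit needs toggling.

# Grant group write on the whole plugin tree.
open_plugins() {
    chmod -R g+w -- "$1"
}

# Revoke group write on the whole plugin tree.
close_plugins() {
    chmod -R g-w -- "$1"
}

# Print every path under the tree that is still group-writable.
# Empty output means the web server is back to read-only access.
group_writable() {
    find "$1" -perm -020 -print
}

# Open the tree, run a command, and close the tree again even if the
# command fails. Returns the command's exit status, or 1 if the tree
# could not be opened, closed, or is still group-writable afterwards.
with_plugins_open() {
    _dir=$1
    shift
    open_plugins "$_dir" || return 1
    _rc=0
    "$@" || _rc=$?
    close_plugins "$_dir" || return 1
    [ -z "$(group_writable "$_dir")" ] || return 1
    return "$_rc"
}

# Dashboard installs: open_plugins "$plugindir", install in the browser,
# then close_plugins "$plugindir" and confirm that
# group_writable "$plugindir" prints nothing.
```

Running `group_writable` from a scheduled job catches the case where the tree was opened for an install and never closed.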