Can't change file permissions on WordPress www-data via SFTP

Ubuntu 18.04

I've tried for hours to figure this out.

I set up a simple WordPress site and changed all the folders and files to owner/group www-data:www-data with 775 permissions. (That is what I was told to do in one of the Linode guides.) Site works great.

When I log in with the Transmit FTP client I can rename a wp-file but I can't modify the permissions. I get a "protocol" error message from Transmit. I have to log in as root to change permissions of a file or folder.

If I change the owner:group to myusername:users via chown I can change permissions as a user.

What is preventing www-data from changing permissions except if logged in as root?

Does anyone have any ideas on what needs to be changed?

Al

11 Replies

The sftp(1) daemon handling your request(s) is running with the credentials of your sftp(1) login. This is as it should be… Changing ownership/permissions of a file you don't own is a privilege reserved for the super-user.

Make your sftp(1) login a member of group www-data. Since that's the group owner of the files in question and perms are rwx for the group owner, you should be able to do what you need to do without being the super-user. You won't need to change the owner then. You have to be the super-user to add your sftp(1) login as a member of group www-data though.

I'm pretty sure it only requires x permission for others to rename a file. Don't quote me on this though…

-- sw

Thanks for the explanation. That makes sense. I thought www-data was the Apache user or owner name. I didn't know www-data was a group. Or is it both a user name and a group name?

Do you know the command to add a user to a group? Does this sound right:

sudo usermod -a -G www-data myUserName

I'm not an expert Linux admin, but I can do most of the routine things… and this is not one of them!!! :-)

-Al

Or is it both a user name and a group name?

Yes…at least on Debian/Ubuntu. This situation may not apply to other distros.

Do you know the command to add a user to a group? Does this sound right:
 
sudo usermod -a -G www-data myUserName

That looks right to me…although I usually just edit /etc/group:

sudo vi /etc/group

…but I've probably been doing this a lot longer than you ;-)

-- sw

I'll try your solution tomorrow and report back.

I thought this system would send me an email when someone answered my question but I guess it doesn't. I would have liked to get your answer when you posted it, not 9 hours later when I logged in to check!

I did the command

myUserName@mars:~$ sudo usermod -a -G www-data myUserName

But when I logged in via SFTP I still can't change permissions on a file that has user/group as www-data/www-data. When I try it my SFTP client (Transmit) pops up a "Protocol error" message.

I looked into the group file:

myUserName@mars:~$ cat /etc/group

The /etc/group file has these two lines (among many others):

sudo:x:27:myUserName
www-data:x:33:myUserName
myUserName:1000:

So, am I part of the group?

What did I do wrong? Is there a systemctl command I need to enter for this to take effect?

Thanks.

(Is there a setting to get an email notification when someone replies to a posting of mine?)

@acanton77
Unfortunately, there is no way to receive notifications upon responses to a question you've posted here; I wish there was. The old community forum had that feature.

As to the ownership permissions, you may find that you have better luck if the files are owned by myUser:www-data rather than www-data:www-data. You should then be able to change permissions, perform sftp uploads and downloads, etc. Someone else may have tips on setting ownership to be permanent on user:www-data, otherwise, your files uploaded will automatically be user:user, then you'll have to change the ownership to user:www-data each time.

You should recursively chown your website root directory to user:www-data when you try changing file ownership permissions.

I hope some of this is helpful for you.

Blake

@acanton77 --

You write:

The /etc/group file has these two lines (among many others):
 

sudo:x:27:myUserName
www-data:x:33:myUserName
myUserName:1000:

 
So, am I part of the group?

Yes.

I tried this (except the user/group I was using was mail:mail…I am a member of group mail) and I got EPERM -- Permission denied:

stevewi:~ $ sftp mydomain.com
Connected to mydomain.com.
sftp> cd /srv/mail/var/etc
sftp> ls
sftp> chmod 0644 domains.conf
Changing mode on /srv/mail/var/etc/domains.conf
Couldn't setstat on "/srv/mail/var/etc/domains.conf": Permission denied
sftp> exit

I guess I was wrong about group ownership being sufficient to change ownership… You need to be the real owner of a file to change its permissions (in your case, the user www-data).

You can do this with (using my example):

ssh mydomain.com sudo -A chmod 0644 /srv/mail/var/etc/domains.conf

from a terminal window provided you've set up an askpass program according to the directions provided here:

https://www.shell-tips.com/linux/sudo-no-tty-present-and-no-askpass-program-specified/

Sorry for the confusion… I never use [s]ftp…I always use scp. To do stuff with a file I just login to my Linode with ssh(1) and do the operation with sudo(1):

stevewi:~ $ ssh mydomain.com
Welcome to mydomain.com...

stevewi@mydomain.com:~$ sudo chmod 0644 /srv/mail/var/etc/domains.conf
[sudo] password for stevewi:
stevewi@mydomain.com:~$ ^D

I guess I'm too old-school… I view any way but the above to be a security risk. It's an attitude that's served me well since the only networking was a 300baud modem and cu(1)/uucp(1) (that makes me really old…you can Google what cu(1) and uucp(1) were…).

-- sw

You should recursively chown your website root directory to user:www-data when you try changing file ownership permissions.

I agree. That is how it is on another server that I have at a commercial ISP.

I did the chmod -r MyUserName:www-data [directoryName]

That is the correct owner/group format as I can now rename and change permissions as a regular user in my SFTP client.

PROBLEM SOLVED!

Thanks.

Al

You write:

I did the chmod -r MyUserName:www-data [directoryName]

You need to make sure the group (www-data) permissions include r. Also, if the web server needs to write (as in cache directories), the group permissions need to include w as well.

-- sw
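Added example, not part of any reply in this thread: a small audit for the two conditions discussed above, namely that only a file's owner (or root) may chmod it, which is why the SFTP setstat request was refused, and that the web server's group needs read access. The function name `audit_webroot`, the output labels and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_webroot is a hypothetical helper.
# Usage: audit_webroot ROOT LOGIN_UID
# Prints one line per problem path:
#   NOT-OWNER      LOGIN_UID is neither the owner nor root, so chmod(2), and
#                  therefore the SFTP chmod/setstat request, is refused.
#   NO-GROUP-READ  the group (www-data in the thread) lacks r on a file,
#                  or r-x on a directory, so the web server cannot serve it.
audit_webroot() {
    root=$1
    login_uid=$2
    # uid 0 may chmod anything, so the ownership check only applies to others.
    if [ "$login_uid" -ne 0 ]; then
        find "$root" ! -user "$login_uid" -print | sed 's/^/NOT-OWNER /'
    fi
    find "$root" -type f ! -perm -040 -print | sed 's/^/NO-GROUP-READ /'
    find "$root" -type d ! -perm -050 -print | sed 's/^/NO-GROUP-READ /'
}

# Constructed sample tree standing in for a WordPress directory.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/wp1"
    : > "$tmp/wp1/index.php"
    : > "$tmp/wp1/wp-config.php"
    chmod 775 "$tmp" "$tmp/wp1"
    chmod 664 "$tmp/wp1/index.php"
    chmod 600 "$tmp/wp1/wp-config.php"   # group cannot read this one
    echo "== as the owning uid =="
    audit_webroot "$tmp" "$(id -u)"
    echo "== as a different, non-root uid (constructed: 65000) =="
    audit_webroot "$tmp" 65000
    rm -rf "$tmp"
}
demo
```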

drwxrwxr-x 6 myUserName www-data 4096 Apr 30 19:36 wp1

Directory permissions of 775 for my WordPress file directory do that.

Who should own the public_html directory? myUser:www-data ? What permissions do you suggest? 775?

Al

Who should own the public_html directory? myUser:www-data ? What permissions do you suggest? 775?

I can't offer any advice here because that's something you have to decide. My site is very different than yours (I don't use WP) so you should establish ownership/permissions based on:

  1. the requirements of your app and what you want it to do for you; and
  2. a reasonable notion of security that won't get in the way of #1.

-- sw
