
Add SFTP users with relative permissions on Nginx with PHP-FPM

When you run a self-managed, self-hosted WordPress site on a provider such as Vultr or Digital Ocean, the virtual machine comes with only an SSH login for the root user. The right thing to do immediately is to create user accounts with specific, dedicated permissions; using the root user for ordinary administration is not good practice.

Using Ubuntu and learning some system administrator commands helped me set up and manage my Digital Ocean cloud hosting, where this site has been residing for some time now. I am now independent of shared hosting platforms, which have a lot of limitations and are often underperforming. The beauty is to have fun testing configurations in order to obtain an ever faster and more stable web server.

Note: if you are interested in learning more, I have a web master course where I show you how to configure, optimize and manage LEMP servers (Linux-Ubuntu + Nginx + MySQL + PHP-FPM).

With this post I show you how to fix permission problems when using SFTP users with Nginx and PHP-FPM 7.0.

Index:

  • Create new SFTP user by assigning the correct home folder
  • Assign ftpuser to www-data group
  • Configure Nginx to use ftpuser
  • Configure PHP-FPM to use ftpuser and www-data group
  • Correct the permissions

Create a new SFTP user

Create a new ftpuser with the /var/www directory assigned:

Set the password for ftpuser. Careful: when you are prompted for the password, you will not see the characters as you type!


Files are not writable by all users; write access is limited to the owner of the files. The web server must run as a specific user, and that user must exist. If the web server ran as root, the files would be owned by root and you would need to be root to access them. Worse, a compromised web server running as root would have access to the entire system. With a dedicated user, a compromised web server has full access only to its own files and not to the entire server.

By default on Ubuntu with Nginx or Apache, the ownership of the files is assigned to the user www-data. Since this is the default configuration, you can easily tell which ownership your web files need. If you change the user, you should change the ownership of your site's files to match.

Add ftpuser to the www-data group:

Your new ftpuser is now a member of the right group and has the correct home folder.

Change Nginx user

Open your Nginx configuration:

Change the user value to your ftpuser:

Verify that the syntax of the new Nginx configuration is correct:

You should receive these confirmation messages:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Now Nginx will run as ftpuser.

Change PHP-FPM user

Open your PHP-FPM configuration:

Change the user value to ftpuser:

Check the syntax of the new PHP-FPM configuration:

You should see this success message:
[12-Jun-2018 01:02:21] NOTICE: configuration file /etc/php/7.0/fpm/php-fpm.conf test is successful
PHP-FPM is now configured to run as ftpuser.

Correct the FTP permissions

Recursively change the permissions of the ftpuser root folder:
Alternatively use
Set folder permissions to 775 so that ftpuser and the www-data group can enter and write to the folders:
Set file permissions to 664 so that ftpuser and the www-data group can modify the files:
Change the permissions for the /var/lib/nginx folder:
Also change the permissions of the log folder:
Change the permissions of the PHP sessions:

As far as permissions are concerned, that's all; you shouldn't need anything else.
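
An added example, not part of the original post: a POSIX shell audit that checks a web root against the 775/664 modes described above and lists every path that deviates, including world-writable and setuid/setgid entries. The function names are hypothetical; `ftpuser` and `www-data` are the names used in this post.

```sh
#!/bin/sh
# Added example (not from the original post). Audits a web root against the
# modes this post uses: 775 for directories, 664 for files. Function names
# are hypothetical; pass owner/group (e.g. ftpuser www-data) to check them too.

# Prints one finding per line; exit status is 1 if anything deviates.
audit_web_perms() (
    root=$1; owner=${2:-}; group=${3:-}
    findings=$(
        find "$root" -type d ! -perm 775 -print | sed 's/^/dir-mode /'
        find "$root" -type f ! -perm 664 -print | sed 's/^/file-mode /'
        # Writable by "other": any local account could modify site content.
        find "$root" ! -type l -perm -0002 -print | sed 's/^/world-writable /'
        # setuid/setgid files have no place in an upload-capable web root.
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/setid /'
        if [ -n "$owner" ]; then
            find "$root" ! -user "$owner" -print | sed 's/^/owner /'
        fi
        if [ -n "$group" ]; then
            find "$root" ! -group "$group" -print | sed 's/^/group /'
        fi
    )
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings" | sort
    exit 1
)

# Applies the post's target modes. Directories and files are handled
# separately so regular files never receive the execute bit.
fix_web_perms() (
    root=$1
    find "$root" -type d -exec chmod 775 {} +
    find "$root" -type f -exec chmod 664 {} +
)
```

Run `audit_web_perms /var/www ftpuser www-data` after the permission changes and again after each deployment or plugin install; an empty result means the tree matches the layout this post sets up.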

Finalize

Now the services and web server need to be restarted. Type in the shell:

At this point you should be able to upload files via SFTP without authorization issues.
If you still have problems with WordPress and FTP, try adding these lines to your wp-config.php file:
