Close [x]

Set file system ownership and permissions

Edit this page on GitHub

Set file system ownership and permissions

The following sections discuss how to set file system ownership and permissions:

Why we recommend you set file system permissions

Malicious exploits are an unfortunate reality in the internet age. To help prevent exploits that take advantage of the file system, we recommend you set Magento file system ownership and permissions in a particular way. For more information, see Overview of ownership and permissions.

This topic covers permissions for a development environment. In production, the web server user should have limited write privileges. To help manage you production and developer modes, we provide the magento deploy:mode:set command.

The important things:

  • The owner of the Magento file system:
    • Must have full control (read/write/execute) of all files and directories.
    • Must not be the web server user; it should be a different user.
  • The web server user must have write access to the following files and directories:
    • var
    • app/etc
    • pub

In addition, the web server's group must own the Magento file system so that the Magento user (who is in the group) can share access to files with the web server user. (This includes files created by the Magento Admin or other web-based utilities.)

We recommend setting the permissions as follows:

  • All directories have 770 permissions.
    770 permissions give full control (that is, read/write/execute) to the owner and to the group and no permissions to anyone else.
  • All files have 660 permissions.
    660 permissions mean the owner and the group can read and write but other users have no permissions.

File system permissions and ownership

Use the following steps:

  1. If you haven鈥檛 already done so, log in to your Magento server as, or switch to, the Magento file system owner.

  2. Change to the Magento installation directory:

    cd <web server docroot>/<magento2 base dir>

    The base directory is typically a subdirectory named magento2 under your web server鈥檚 docroot. Need help locating the docroot? Click here.

    Examples:

    • Ubuntu: /var/www/magento2
    • CentOS: /var/www/html/magento2

  3. Set ownership:

    chown -R :<your web server group name> .

    Typical examples:

    • CentOS: chown -R :apache .
    • Ubuntu: chown -R :www-data .

  4. Set permissions:

    find . -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento

    If you must enter the commands as sudo, use:

    sudo find . -type d -exec chmod 770 {} \; && sudo find . -type f -exec chmod 660 {} \; && sudo chmod u+x bin/magento