Linux – Setting up permissions for WordPress on Amazon EC2 (Amazon Linux)

amazon-ec2 linux permissions wordpress

I set up WordPress on an Amazon EC2 instance. It's using Amazon Linux and is a standard setup (just php5 and mysql).

WordPress works fine, but there are some permission issues. Specifically, I can't upload media, update permalink, plugins, etc. I have no write permission under the ec2-user and because I uploaded all the files over WinSCP the current owner is ec2-user.

My question is what's the best way to correct this issue? I could probably fix it by changing ownership of all folders/files to root, but that's not a very elegant or dynamic solution.

The path to my web directory is /var/www/html. Can I allow the ec2-user the correct permissions? Perhaps by having a group that both the Apache user and ec2-user share?

Any ideas would be appreciated.

Best Solution

See http://blog.david-jensen.com/development/wordpress-amazon-ec2-apache-permissions-wordpress/ among other Google results. He looks to have had good luck:

I have been doing my best to figure out the Amazon EC2 Apache setup of permissions to enable WordPress to be able to manage all of the files on my Amazon EC2 instance without WordPress asking for FTP permissions when I try to upload a plugin or theme via the Admin site. I ended up having to give file and group ownership of the files in my html folder to the apache user for WordPress to run correctly. http://www.chrisabernethy.com/why-wordpress-asks-connection-info/ and its comments helped me reach this conclusion.

From the webpage:

Run

sudo chown -R apache:apache /vol/html

I then set permissions to what the hardening WordPress guide recommends for my html root as all my WordPress files are there as I am running MultiSite with multiple domains.

sudo find /vol/html/ -type d -exec chmod 755 {} \;
sudo find /vol/html/ -type f -exec chmod 644 {} \;

As apache doesn’t have a login I feel this is worth the risk though there is probably a better way to do this. I then added ec2-user to the apache group and changed the permissions of the wp-content folder to have group write permission 775.

sudo usermod -a -G apache ec2-user
sudo chmod -R 775 /vol/html/wp-content

This allows FileZilla or any other program logged in as ec2-user the ability to change files and folders in the wp-content folder only. If anyone has a better way of doing this I would like to know. I am only using SSH and SFTP to access the server with key files.
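An added example, not from the answer or the quoted blog post: a POSIX shell function that audits a web root against the scheme described above (everything owned by the web server user, 755/644 outside wp-content, wp-content group-writable, nothing world-writable). The function name and the finding labels are made up for this example; the owner defaults to apache as on the page.

```shell
#!/bin/sh
# audit_wp_perms ROOT [OWNER]
# Prints one "LABEL<TAB>path" line per deviation from the scheme in the answer
# and returns 1 if any deviation was found, 0 if the tree is clean.
# OWNER may be a user name or a numeric uid; it defaults to "apache".
audit_wp_perms() {
    root=${1%/}                      # drop a trailing slash so -path matches
    owner=${2:-apache}
    content="$root/wp-content"
    findings=$(
        # Result of "chown -R apache:apache": no file owned by anyone else.
        find "$root" ! -user "$owner" -exec printf 'owner\t%s\n' {} \;
        # World-writable entries (the usual leftover of a chmod 777 quick fix).
        find "$root" ! -type l -perm -0002 \
            -exec printf 'world-writable\t%s\n' {} \;
        # Outside wp-content: directories 755 and files 644, exactly.
        find "$root" -path "$content" -prune -o -type d ! -perm 755 \
            -exec printf 'dir-not-755\t%s\n' {} \;
        find "$root" -path "$content" -prune -o -type f ! -perm 644 \
            -exec printf 'file-not-644\t%s\n' {} \;
        # Inside wp-content: the shared group must be able to write.
        if [ -d "$content" ]; then
            find "$content" ! -type l ! -perm -0020 \
                -exec printf 'not-group-writable\t%s\n' {} \;
        fi
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Example call for the path used on the page:
#   sudo sh -c '. ./audit.sh; audit_wp_perms /vol/html apache'
```

An empty result with exit status 0 means the tree matches the scheme; any output lists the path and the rule it breaks.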
