
Set file system ownership and permissions



Why we recommend you set file system permissions

Malicious exploits are an unfortunate reality in the internet age. To help prevent exploits that take advantage of the file system, we recommend you set Magento file system ownership and permissions in a particular way. For more information, see Overview of ownership and permissions.

This topic covers permissions for a development environment. In production, the web server user should have limited write privileges. To help manage your production and developer modes, we provide the magento deploy:mode:set command.

The important things:

  • The owner of the Magento file system:
    • Must have full control (read/write/execute) of all files and directories.
    • Must not be the web server user; it should be a different user.
  • The web server user must have write access to the following files and directories:
    • var
    • app/etc
    • pub

In addition, the web server's group must own the Magento file system so that the Magento user (who is in the group) can share access to files with the web server user. (This includes files created by the Magento Admin or other web-based utilities.)

We recommend setting the permissions as follows:

  • All directories have 770 permissions.
    770 permissions give full control (that is, read/write/execute) to the owner and to the group and no permissions to anyone else.
  • All files have 660 permissions.
    660 permissions mean the owner and the group can read and write but other users have no permissions.

File system permissions and ownership

Use the following steps:

  1. Change to the Magento installation directory:
    cd <web server docroot>/<magento2 base dir>
    The base directory is typically a subdirectory named magento2 under your web server's docroot.
    • Ubuntu: /var/www/magento2
    • CentOS: /var/www/html/magento2
  2. Set ownership:
    chown -R :<your web server group name> .
    Typical examples:

    CentOS: chown -R :apache .
    Ubuntu: chown -R :www-data .
  3. Set permissions:
    find . -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento
    If you must run the commands with sudo, use:
    sudo find . -type d -exec chmod 770 {} \; && sudo find . -type f -exec chmod 660 {} \; && sudo chmod u+x bin/magento
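
To confirm the result of steps 2 and 3, and to catch later drift (for example files created by the Magento Admin with different modes), the tree can be audited against the modes listed above. This is an added example, not part of the original Magento documentation; the function name audit_magento_perms and the violation labels it prints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a Magento tree against the modes recommended on this page.
# Usage: audit_magento_perms <magento base dir> <web server group> [web server user]
# Prints one line per violation ("<label> <path>").
# Returns 0 if the tree is clean, 1 if violations were found, 2 on a bad base dir.
audit_magento_perms() {
    root=$1
    group=$2
    web_user=${3:-}
    [ -d "$root" ] || return 2
    report=$(
        cd "$root" || exit 2
        # Directories must be exactly 770 (owner and group: rwx, others: none).
        find . -type d ! -perm 770 -exec echo "dir-mode" {} \;
        # Files must be exactly 660, except bin/magento, which step 3 makes 760.
        find . -type f ! -path ./bin/magento ! -perm 660 -exec echo "file-mode" {} \;
        if [ -f bin/magento ]; then
            find ./bin/magento ! -perm 760 -exec echo "file-mode" {} \;
        fi
        # Everything must belong to the web server group (name or numeric GID).
        find . ! -group "$group" -exec echo "group" {} \;
        # Optional check: the file system owner must not be the web server user.
        if [ -n "$web_user" ]; then
            find . -user "$web_user" -exec echo "owner" {} \;
        fi
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

On Ubuntu this would be called as audit_magento_perms /var/www/magento2 www-data www-data; any output line names a path that no longer matches the recommended ownership or mode.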

Next steps

Install the Magento software:

  • Using the web-based Setup Wizard, which is better for less experienced users or anyone who has a hosting provider (especially if you don’t have access to the Magento server)
  • Command line, which gives you more control but requires more experience and also access to the Magento server