Magento 2 permissions: Overview and how to set them up to avoid errors

Magento 2 permissions help you allocate permissions to different store admins efficiently. To operate your business more effectively, you may need to assign some tasks to other users of your Magento 2 store. However, you don't need to give each user the full list of store management permissions. Magento 2 allows you to set permissions fully or partially for certain users or user groups.

Ownership and Magento 2 permissions: Overview

Before you install Magento 2, remember to set read-write file permissions for the web server group. This is important so that the Setup Wizard or the command line can write files to the Magento file system. The process differs depending on whether you use shared hosting and have one user, or use a private server and have two users.

1. Private Hosting

Step 1: Set up system owners

With root privileges, run this command to create a user:

adduser <username>

With root privileges, run this command to set the user's password:

passwd <username>

Step 2: Find the web server user and group

To find the Apache user, use the command:

ps aux | grep apache

To find that user's group, use:

groups <apache user>

Commonly, both the user name and the group name are www-data.

Step 3: Set the file system owner in the webserver group

usermod -g www-data <username>

Then, ensure that your user is a member of the webserver group:

groups <username>

2. Shared Hosting

Make sure you log in to your Magento 2 server as the same user that runs the web server.

1. Set up one owner for default or developer mode

In default or developer mode, the user needs write access to the directories below:

  • vendor
  • app/etc
  • pub/static
  • var
  • Any other static resources
  • var/generation
  • var/di
  • var/view_preprocessed

You can set the Magento 2 permissions either from the command line or with a file manager application offered by your shared hosting provider.

2. Set up one owner for production mode

For better security, remove write access from the files in the directories below when you move your website to production:

  • vendor
  • app/code
  • app/etc
  • pub/static
  • Any other static resources
  • var/generation
  • var/di
  • var/view_preprocessed

All of the above directories need to be made read-write again in order to update components, install new components, or upgrade the Magento software.

Make code files and directories read-only

To remove write permissions on files and directories from the web server user's group, follow these steps:

  1. Log in to your Magento server.
  2. Change to your Magento installation directory.
  3. Use the following command to change to production mode:
php bin/magento deploy:mode:set production
  4. Run the command below:
find app/code pub/static app/etc var/generation var/di var/view_preprocessed vendor \( -type f -or -type d \) -exec chmod u-w {} \; && chmod o-rwx app/etc/env.php && chmod u+x bin/magento
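
To confirm the lockdown took effect, the following sketch (an added example, not part of the original article or of Magento) lists anything the command above should have restricted but did not. The names audit_readonly and LOCKED_DIRS are hypothetical; the directory list is copied from the command above.

```shell
#!/bin/sh
# Added example: audit a Magento 2 tree after the production lockdown.
# Directory list is the one used by the find/chmod command above.
LOCKED_DIRS="app/code pub/static app/etc var/generation var/di var/view_preprocessed vendor"

# Usage: audit_readonly <magento_root>
# Prints one line per finding; exit status 0 = clean, 1 = findings, 2 = bad root.
audit_readonly() {
    root=$1
    [ -d "$root" ] || return 2
    findings=$(
        cd "$root" || exit
        for d in $LOCKED_DIRS; do
            # Directories that do not exist in this installation are skipped.
            [ -e "$d" ] || continue
            # -perm -0200: the owner write bit is still set.
            find "$d" \( -type f -o -type d \) -perm -0200 -print |
                sed 's/^/owner-writable: /'
        done
        # env.php holds database credentials: "other" must have no access.
        if [ -f app/etc/env.php ]; then
            find app/etc/env.php \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
                sed 's/^/world-accessible: /'
        fi
        # The CLI entry point must keep its owner execute bit.
        [ -n "$(find bin/magento -perm -0100 2>/dev/null)" ] ||
            echo 'not owner-executable: bin/magento'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_readonly /path/to/magento` after every deployment; an empty result with exit status 0 means the tree matches the lockdown.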

Make code files and directories writable:

To update components or upgrade the Magento 2 software, make the files and directories writable again:

  1. Log in to your Magento server.
  2. Change to your Magento installation directory.
  3. Enter the following:
chmod -R u+w .

How to set Magento 2 permissions?

1. Basic permissions setup

Set Magento Permissions:

We suggest the permissions for Magento 2 as follows:

  • directories: 711
  • php files: 600
  • all other files: 644

This can be achieved by using the below commands:

find . -type d -exec chmod 0711 {} +
find . -type f -exec chmod 0644 {} +
find . -type f -name "*.php" -exec chmod 600 {} +

chown -R <owner>:<group> . (including the final dot, sets the owner for all files under the current Magento 2 installation) – Ensure you replace <owner>:<group> with your current user and the group that it's in. The most popular ones are www-data:www-data, root:root, www-data:magento, etc.; however, this can differ from server to server.

chmod u+x bin/magento (adds the execute permission for bin/magento)

2. Advanced permissions setup

When you use your own server or a private hosting setup and need to set ownership and permissions, you can use the following advanced procedure. With this type of server, you are not able to log in as, or switch to, the web server user. Commonly, you log in as one user and run the web server as a different user.

To enable the web server to write files and folders in the Magento 2 file system while ownership stays with the Magento file system owner, both users must be in the same group. This way, both users have access to the Magento files, including the files generated by the Magento Admin or other web-based applications.

The following steps show you how to add your Magento file system owner to the web server's group on Apache servers. For other web servers or operating systems, you can use similar commands.

Step 1: Check your <your_username>

whoami

Step 2: Find the web server’s user

ps aux | grep apache

Usually, the apache user is www-data.

Step 3: Find the web server user’s group

groups www-data

Replace www-data with your Apache user if your web server user is different.

Commonly, both the user and the user's group are www-data.

Step 4: Set up the file system owner in the webserver group (this needs to be done even if the user is root)

sudo usermod -a -G www-data <your_username>

This is how you add your user to the www-data group.

Step 5: Ensure that your user is a member of the web server group

groups <your_username>

The result should be that <your_username> from Step 1 is now part of multiple groups, including www-data, the web server group.

To finish this point, restart the webserver:

  • Ubuntu:
    service apache2 restart
  • CentOS:
    service httpd restart

Step 6: Set ownership and permissions

Use the <web server group> found in Step 3.

cd <your Magento install directory>
find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} +
find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} +
sudo chown -R <your_username>:<web server group> . (including the final dot, sets the owner for all files under the current M2 installation)
chmod u+x bin/magento (adds the execute permission for bin/magento)

You can run the commands above in one line. Ensure you are in the directory of your Magento 2 installation; we assume that the web server group is www-data:

find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} + && find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} + && chown -R <your_username>:www-data . && chmod u+x bin/magento

In some cases, when the file system permissions are set improperly and can't be adjusted by the Magento file system owner, you need to run the commands as a user with root privileges:

sudo find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} \; && sudo find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} \; && sudo chown -R <your_username>:www-data . && sudo chmod u+x bin/magento

Note: Depending on how the server is configured, files copied via FTP may end up with incorrect permissions or the wrong group. In this case, you can run the above permission setup again after copying the new files.
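
To see whether copied files have drifted before re-running the setup, the following sketch (an added example, not part of the original article or of Magento) reports every path that no longer matches Step 6. The names audit_shared_group and SHARED_DIRS are hypothetical; the directory list is copied from the Step 6 commands, and the group argument is the one found in Step 3.

```shell
#!/bin/sh
# Added example: find files that drifted from the shared-group setup in Step 6.
# Directory list is the one used by the find/chmod commands above.
SHARED_DIRS="var generated vendor pub/static pub/media app/etc"

# Usage: audit_shared_group <magento_root> <web_server_group>
# Prints one line per finding; exit status 0 = clean, 1 = findings, 2 = bad root.
audit_shared_group() {
    root=$1
    group=$2
    [ -d "$root" ] || return 2
    findings=$(
        cd "$root" || exit
        for d in $SHARED_DIRS; do
            # Directories that do not exist in this installation are skipped.
            [ -e "$d" ] || continue
            # Wrong group: typical for files uploaded under another account.
            find "$d" ! -group "$group" -print | sed 's/^/wrong group: /'
            # Files and directories the group cannot write (g+w missing).
            find "$d" \( -type f -o -type d \) ! -perm -0020 -print |
                sed 's/^/not group-writable: /'
            # Directories without setgid: new files will not inherit the group.
            find "$d" -type d ! -perm -2000 -print | sed 's/^/no setgid: /'
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

For example, `audit_shared_group /path/to/magento www-data` prints nothing and returns 0 when every file in the writable directories is still shared with the web server group.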

Conclusion

I hope the above information might be useful to you. Do not hesitate to contact us if you have any doubts about Magento 2 permissions.
