Adding SFTP User with Correct Permissions for nginx with PHP-FPM

Started by saos@ngmo, 01/07/20, 22:27

When you self-host WordPress on your own VPS, like Vultr or DigitalOcean, you do not get a default FTP user (besides root). You do not want to use the root user or you will get permission errors. This post shows you how to correct the permission problems if you want to have an SFTP user with nginx and php-fpm.

I am using Debian 9 for this tutorial so I am assuming you are using PHP 7.

  • Create a new user with the right home folder
  • ftp user is made member of www-data group
  • Configure nginx to run as ftp user
  • php-fpm runs as ftpuser and www-data group
  • Correct permissions

Create SFTP User

Create a new ftp user, /var/www is the home folder for the ftp user

    sudo useradd -d /var/www/ ftpuser

Set the password for the ftpuser, when you are prompted for the password you will not see characters as you type!

    sudo passwd ftpuser

Add the ftpuser to the www-data group

    sudo usermod -aG www-data ftpuser

Your new ftp user is now a member of the right group and has the right home folder.

We can make the user have the primary group www-data so that becomes the group owner by default

    sudo usermod -g www-data ftpuser

Change nginx User

Note: if you notice weird behavior after making this change return the user to root and reload nginx.

Open your nginx configuration

    sudo nano /etc/nginx/nginx.conf

Change the user value to your ftpuser

    # WP-Bullet.com nginx configuration
    user ftpuser;
    worker_processes auto;
    pid /run/nginx.pid;

Verify the nginx syntax is correct

    sudo nginx -t

You should get these confirmation messages

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

Now nginx will run as the ftp user.

Change PHP-FPM User

Open your php-fpm configuration

    sudo nano /etc/php/7.0/fpm/pool.d/www.conf

Change the user value to your ftpuser

    ; Unix user/group of processes
    ; Note: The user is mandatory. If the group is not set, the default user's group
    ;       will be used.
    user = ftpuser
    group = www-data

Verify the php-fpm syntax

    sudo php-fpm7.0 -t

You should see this success message

    [25-Mar-2017 07:05:24] NOTICE: configuration file /etc/php/7.0/fpm/php-fpm.conf test is successful

Now php-fpm is configured to run as the ftpuser.

Correcting Permissions

Recursively change the permissions for the ftpuser's home folder

    sudo chown -R ftpuser:www-data /var/www

Set 775 for folders so the ftpuser and www-data group can execute

    sudo find /var/www/ -type d -exec chmod 775 {} +

Set 664 for files so the ftpuser and www-data group can write to files

    sudo find /var/www/ -type f -exec chmod 664 {} +

Change the permissions for the /var/lib/nginx folder

    sudo chown -R ftpuser:www-data /var/lib/nginx

Change the log folder permissions as well

    sudo chown -R ftpuser:www-data /var/log/nginx

Change php sessions permissions

    sudo chown -R ftpuser:www-data /var/lib/php/sessions

That should do it for the permissions.

Finalizing

Now the services just need to be restarted

    sudo service php7.0-fpm restart
    sudo service nginx restart

You should now be able to upload files over SFTP without any permission problems.

If you still have FTP prompts then try adding these to your wp-config.php file.

    // permission fixes
    define( 'FS_METHOD', 'direct' );
    define( 'FS_CHMOD_DIR', ( 0775 & ~ umask() ) );
    define( 'FS_CHMOD_FILE', ( 0664 & ~ umask() ) );

You can use this script as a permissions reset

    USER=ftpuser
    sudo chown -R ${USER}:www-data /var/www/
    sudo find /var/www/ -type f -exec chmod 664 {} +
    sudo find /var/www/ -type d -exec chmod 775 {} +
    sudo chown -R ${USER}:www-data /var/lib/nginx
    sudo chown -R ${USER}:www-data /var/log/nginx
    sudo chown -R ${USER}:www-data /var/lib/php/sessions

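An added example, not part of the original post: a shell function that checks a tree against the layout the post sets up (directories 775, files 664, everything owned by ftpuser:www-data) and also reports anything world-writable. The function name audit_tree and its output labels are made up for this example.

```shell
#!/bin/sh
# audit_tree ROOT OWNER GROUP
# Report every path under ROOT that deviates from the layout in the post:
#   directories 775, regular files 664, owner OWNER, group GROUP.
# World-writable entries get their own line because they are writable by
# any local account, not only the SFTP user and the web group.
# Prints "<label> <path>" per finding; returns 0 when clean, 1 otherwise.
audit_tree() {
    root=$1
    owner=$2
    group=$3

    findings=$(
        # Directories whose mode is not exactly 775
        find "$root" -type d ! -perm 775 -print | sed 's/^/dir-mode /'
        # Regular files whose mode is not exactly 664
        find "$root" -type f ! -perm 664 -print | sed 's/^/file-mode /'
        # Anything not owned by OWNER:GROUP
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) -print |
            sed 's/^/owner /'
        # Anything with the "other" write bit set (symlinks excluded,
        # their own mode bits are not meaningful)
        find "$root" ! -type l -perm -0002 -print | sed 's/^/world-writable /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage with the names from the post (run with enough rights to read the tree):
#   audit_tree /var/www ftpuser www-data
```

The non-zero return status makes it usable from cron or a deploy step to catch drift after uploads or plugin installs.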