Shero Support

How can we help?

Follow

Magento 2 File Permissions

Magento 2 has a nasty habit of resetting file permissions to match whatever is the correct setting on the system they run in development. These commands allow you to change the permissions.  Note: NOT RECOMMENDED.  See Magento File ACL's instead!!!  The following list of commands will work, for a while...

  1. find . -type f -exec chmod 644 {} \;
  2. find . -type d -exec chmod 755 {} \;
  3. find ./var -type d -exec chmod 777 {} \;
  4. find ./pub/media -type d -exec chmod 777 {} \;
  5. find ./pub/static -type d -exec chmod 777 {} \;
  6. chmod 777 ./app/etc
  7. chmod 644 ./app/etc/*.xml

or perhaps run: find . -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento

 

A better way to do that is[not correct yet!]

  1. find . -type f -exec chmod 600 {} \;
  2. find . -type d -exec chmod 700 {} \;
  3. find . -type f -exec chmod g+r {} \;
  4. find -type f -exec chmod o+r {} \;
  5. find -type d -exec chmod g+rx {} \;
  6. find -type d -exec chmod o+rx {} \;
  7. find ./var -type d -exec chmod g+rwx {} \;
  8. find ./pub/media -type d -exec chmod g+rwx {} \;
  9. find ./pub/static -type d -exec chmod o+rx {} \;

In english:

  1. Set the permissions on all files so that the owner can read and write to them and no one else can access them
  2. Set the permissions on all directories so that the owner can read, write, and SEARCH them and no one else can access them
  3. For all files, allow users in the same group to read them
  4. For all files, allow everyone else to read them
  5. For all directories, allow users in the same group to read and search them
  6. For all directories, allow everyone else to read and search them
  7. For the var directory and all subdirectories, give users in the same group read, write, and search access
  8. For all directories in pub/media give users in the same group read, write, and search access
  9. For all directories in pub/static give all users read access and search access

 

Notes:

X for directories is what allows a user to run commands such as:

cd pub/media and ls pub/media

Using the identifier+perms syntax [g+rwx] allows us to be additive rather then destructive.  IE chmod 770 will set the permissions for everyone/world/other to 0 or none.  If there was some directory where this was incorrect you just broke something.  By being additive, you avoid this issue.  In general you should almost never have to run the first 2 commands, just start at 3 and work down.

Comments