How to set proper permissions for Magento on server?

Please check and verify below steps:

  1. Check if your server is compatible with Magento. Download file from this link Magento Server Compatibility check and follow the instructions given.

  2. Check for the .htaccess in each folder and in root too. Magento has .htaccess in almost all folders. Verify it for media folder in case the problem is with image

  3. Execute the following server commands going into your project folder:

    find ./ -type f | xargs chmod 644
find ./ -type d | xargs chmod 755

    This gives 644 permission to files and 755 to folders.

  4. Next give 777 permission to var and media folder if the problem still persists, use the following commands for it:

    chmod -Rf 777 var
chmod -Rf 777 media

  5. Also check the html folder permission of your server. It should be 755.

Hope this should resolve your problem.


Please check if your FTP and SSH user are in the www-data group.

Your files and folders belong to the www-data user and group:

-rw-rw-r--  1 www-data www-data     2642 Nov 26  2013 index.php
drwxr-xr-x 13 www-data www-data     4096 Jun 18 07:29 media

Your FTP error message (I'm not able to override any file) makes me believe your FTP user is not in the www-data group.

From the command line, run and check which groups your ftp and ssh user belong to:

$ groups [username]

If there's no www-data listed, adjust the settings with your server-admin.


At your discretion, you should either assign all web server files to the www-data user and group, or just the group. It is often convenient, and still secure, to make the owner of the files yourself so you can more easily edit them, especially if you wanted to manage such files via a repo.

If you decided to make all web server files owned and group-owned by www-data, I recommend the following permissions:

find /var/www/html -type d -exec chmod 755 {} \; 
find /var/www/html -type f -exec chmod 644 {} \;

find /var/www/html/var -type d -exec chmod 755 {} \; 
find /var/www/html/var -type f -exec chmod 644 {} \;

find /var/www/html/media -type d -exec chmod 755 {} \; 
find /var/www/html/media -type f -exec chmod 644 {} \;

If you want to have the files owned by another user that should be able to edit everything, you can do 775 and 664 instead. Whatever you do, never set anything to 777. You rarely, if ever, have any reason to do that. In this case, you know who should and shouldn't access the files, and with what permission level, so you can explicitly set what you need, rather than let any and everyone read/write/execute everything.

Finally, and this is the most important step, you will want to make the /app directory and contents inaccessible for serving by allowing the .htaccess files to regulate access. Simply add something like the following, if using httpd:

<Directory /var/www/html>
  AllowOverride FileInfo Indexes Options Limit
</Directory>

Tags:

Permissions

Magento 1.8

Server Setup

Recent Posts