Jan 6 2012
Amazon EC2 Apache Setup Permissions for WordPress
I have been doing my best to figure out the Amazon EC2 Apache setup of permissions to enable WordPress to be able to manage all of the files on my Amazon EC2 instance without WordPress asking for FTP permissions when I try to upload a plugin or theme via the Admin site. I ended up having to give file and group ownership of the files in my html folder to apache user for WordPress to run correctly. This article and its comments helped me reach this conclusion.
sudo su chown -R apache:apache /vol/html
I then set permissions to what the hardening WordPress guide recommends for my html root as all my WordPress files are there as I am running MultiSite with multiple domains.
find /vol/html/ -type d -exec chmod 755 {} \;
find /vol/html/ -type f -exec chmod 644 {} \;
As apache doesn’t have a login I feel this is worth the risk though there is probably a better way to do this. I then added ec2-user to the apache group and changed the permissions of the wp-content folder to have group write permission 775.
useradd -G apache ec2-user sudo chmod -R 775 /vol/html/wp-content
Music to Write this Code to
Jan 16, 2012 @ 02:21:49
I have to admit, I only use the cpanel that my hosting provides to change permissions. I haven’t looked in to multi-site WP yet I have four slots on my hosting and four installations of WP, when I used to use Drupal, which has an amazing front end editor now btw, I always though I should be able to host multiple sites on one installation but I could never find out how… then sometimes I just don’t know what I’m looking for!
Mar 20, 2012 @ 03:50:02
I’ve got things set up the exact same way on my end. Curious to hear if you’ve come across any improvements since writing. I do feel like there are some vulnerabilities, but like you have justified by fact that apache doesn’t have login. Still feel somewhat insecure though, just seeing if you’ve adjusted anything. Thanks!
Mar 21, 2012 @ 09:00:18
@Jeff I still have everything set up in the same way. SSH / sFTP is pretty secure and the amount of time and effort it would take to set it up in another way doesn’t justify the risk of someone breaking in that way. Just making sure I run updates to both WordPress and the Linux box on a regular basis.
May 14, 2012 @ 20:30:32
Hey David,
I’ve seen & tried several different ways to fix the WordPress permissions problems I’d had. Your documentation is the first that I’ve seen that worked well. Thank you for your sharing!
Jun 06, 2012 @ 15:02:54
Hi David,
I found this post on stackoverflow quite useful, look at Jake’s answer and let me know what you think:
http://stackoverflow.com/questions/8686125/update-wordpress-theme-on-ec2
Jun 06, 2012 @ 21:13:35
@Yannick I think that it would be more secure to use sFTP using SSH rather than a password. The last answer suggests a pretty similar thing to what I have done.
Jun 14, 2012 @ 01:52:05
Thanks for pulling this together. After going through my own checklist [really who runs root'd apache installs?] I knew this is where I was heading and you confirmed it. Deployed, and all is happy. Much easier to manage.
Jun 14, 2012 @ 07:14:58
Happy to be of assistance Andy, was bugging me for quite a while hence the post.
Jul 12, 2012 @ 21:45:08
i’m getting this error on ec2 when i try to add ec2-user to group can you help please? useradd: user ‘ec2-user’ already exists
Jul 14, 2012 @ 15:59:52
Seems like the user has already been added, I get the same thing when I run the command again. You should be good to just run the next step without any issues. Let me know if that is not the case.
Dec 01, 2012 @ 15:48:21
I had the same problem. Found out that if the user already exists and isn’t in the Apache group, you’ll still be unable to modify or add anything. The fix is simple. Use usermod instead: [usermod -G apache ec2-user]
Then restart the server [service httpd restart]. Sorted!
Jul 20, 2012 @ 15:56:15
Thanks, dude. I have been trying to fix permission problems with Filezilla for three days now. Your solution is the only one that worked well. I could not list my directories and now I can.
Thanks
Jul 21, 2012 @ 17:28:03
Glad to be of assistance spent quite a while figuring all this out myself, hence the blog posts so I would remember.
Sep 12, 2012 @ 21:04:59
Wasn’t going to comment, but since you posted the SMD E-mix I now have to. Thanks for the help!
WordPress Apache Permissions For Easy Update
Oct 28, 2012 @ 11:07:56
[...] these have run you can run the update successfully, you then just put the files back to my what my previous post [...]
May 16, 2013 @ 14:58:03
Thanks David. This has been a great help.