File ownership problems with Cap deploy

Does anyone have a file ownership scheme that works for LInux deploys? Here are my missteps so far:

In all cases, I have a user named “deploy” who belongs to group “www-data” and permissions are 775 for directories and 664 for files.

  • Set deploy directory ownership to “deploy:www-data”. WordPress can no longer directly handle image uploads and plugin installation (it asks for FTP credentials). Tried changing the FS_METHOD constant to no avail.
  • Set deploy directory ownership to “www-data:www-data” Deploys work and WordPress works but deploys change the current directory back to deploy:www-data and the above happens again.

Any advice?

Whats are the permission and ownership settings for the shared directory and its subdirectories?

@oppositeday I realize you’re probably not using Trellis to provision your server, but the issues with permission on the uploads folder made me think of the php config issues in roots/bedrock-ansible/issues/174. Not sure if it’s related to what you’re running into.

Actually, I checked again and image uploads are fine once I place them in the shared folder (which I set to 775 www-data:www-data). Tried doing the same to the app/plugins folder but I’m still getting the prompt for FTP credentials.

@fullyint You’re saying to change the php5-fpm settings by adding the following?

listen.owner = www-data = www-data

Sadly, I’m not familiar enough with php configs to make a good recommendation other than “see if that other thread gives some ideas.”

But yeah, if you’re willing to test various configs, I’d be interested to see if things improve with everything in the current directory having ownership deploy:www-data and the php configs including:

listen.owner = www-data = www-data
user = deploy
group = www-data

You could try variations on that, but I think the key for you might be user = deploy. If I understand correctly, that makes php deal with the dirs/files as the deploy user (e.g., when adding new uploads, etc.), i.e., as the user with the right ownership/permissions for all those files.