File ownership problems with Cap deploy

Does anyone have a file ownership scheme that works for Linux deploys? Here are my missteps so far:

In all cases, I have a user named “deploy” who belongs to group “www-data” and permissions are 775 for directories and 664 for files.

  • Set deploy directory ownership to “deploy:www-data”. WordPress can no longer directly handle image uploads and plugin installation (it asks for FTP credentials). Tried changing the FS_METHOD constant to no avail.
  • Set deploy directory ownership to “www-data:www-data”. Deploys work and WordPress works, but deploys change the current directory back to deploy:www-data and the above happens again.

Any advice?

What are the permission and ownership settings for the shared directory and its subdirectories?

@oppositeday I realize you’re probably not using Trellis to provision your server, but the issues with permission on the uploads folder made me think of the php config issues in roots/bedrock-ansible/issues/174. Not sure if it’s related to what you’re running into.

Actually, I checked again and image uploads are fine once I place them in the shared folder (which I set to 775 www-data:www-data). Tried doing the same to the app/plugins folder but I’m still getting the prompt for FTP credentials.

@fullyint You’re saying to change the php5-fpm settings by adding the following?

listen.owner = www-data
listen.group = www-data

Sadly, I’m not familiar enough with php configs to make a good recommendation other than “see if that other thread gives some ideas.”

But yeah, if you’re willing to test various configs, I’d be interested to see if things improve with everything in the current directory having ownership deploy:www-data and the php configs including:

listen.owner = www-data
listen.group = www-data
user = deploy
group = www-data

You could try variations on that, but I think the key for you might be user = deploy. If I understand correctly, that makes php deal with the dirs/files as the deploy user (e.g., when adding new uploads, etc.), i.e., as the user with the right ownership/permissions for all those files.
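
An added example, not part of any post in this thread: a Python sketch that reads the `user`/`group` directives discussed above from a php-fpm pool file and reports, for each path in a deploy tree, whether the pool's worker identity owns it and through which permission class it can write. The pool section name `www`, the sample config and the function names are assumptions made for illustration.

```python
import configparser
import grp
import os
import pwd
import stat

# Constructed pool file using the directives quoted in the thread.
POOL_CONF = """\
[www]
listen.owner = www-data
listen.group = www-data
user = deploy
group = www-data
"""

def pool_identity(conf_text, pool="www"):
    """Return the (user, group) that the pool's PHP workers run as."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return cp[pool]["user"], cp[pool].get("group")

def access_for(uid, gids, st_uid, st_gid, st_mode):
    """Classify how a non-root process (uid, gids) relates to one file.

    Returns (owns, write_via); write_via is 'owner', 'group', 'other' or None.
    POSIX consults only the first matching class, so an owner without the
    owner write bit does not fall through to the group bits.
    """
    owns = uid == st_uid
    if owns:
        via = "owner" if st_mode & stat.S_IWUSR else None
    elif st_gid in gids:
        via = "group" if st_mode & stat.S_IWGRP else None
    else:
        via = "other" if st_mode & stat.S_IWOTH else None
    return owns, via

def audit(root, user, group):
    """Yield (path, owns, write_via) for every entry under root."""
    uid = pwd.getpwnam(user).pw_uid
    gids = set(os.getgrouplist(user, grp.getgrnam(group).gr_gid))
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(base, name)
            st = os.lstat(path)
            yield (path, *access_for(uid, gids, st.st_uid, st.st_gid, st.st_mode))
```

Running `audit()` over the `current` and `shared` directories with the identity from `pool_identity()` separates paths the workers merely reach through the group bits from paths they own. Every path reported as writable is also a path that PHP code running in that pool can modify, so the output doubles as a list of what to review before widening the pool's user.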