Magento 2 file system permissions are an integral part of the platform's setup. It requires different permissions for files and directories for smooth operation and development. Besides, the file permissions are directly linked to your Magento store security.
Hence, it's twice as crucial to configure the permissions properly. Today, we'll cover everything you should know about Magento file permissions, including their definition, types, configuration methods, and best practices.
Let's begin!
What are Magento File Permissions?
Magento file system permissions define what actions users can perform with the files and directories. They concern the reading (r), writing (w), and execution (x) rights of the owner, group, and other users.
For the system to run properly, you need to set the correct permissions so that the scripts and queries are executed without breaking. There are various permission types you may consider using, each offering a specific set of eligible actions.
Moreover, the Magento file permissions are directly connected to your store's safe operation. They either restrict or open access to various files and directories, making it crucial to choose wisely when setting them up.
Why are File System Permissions Important?
It's pretty clear why file system permissions are so important. Still, we'd like to highlight the key reasons why you shouldn't neglect setting correct permissions in Magento.
Deploy without interruptions
Incorrect file and directory permissions may result in broken functionality and interrupted processes. If some entities have missing permissions, it can negatively impact the static content deploy, composer updates, and cache operation.
Thus, by setting up the correct permissions, you ensure a smooth development process without unexpected issues.
Protect your store from malicious attacks
Magento 2 file permissions clearly define what actions users can perform with your files. This way, you protect your store from unauthorised access and code injections that can damage your system.
This aspect highlights how crucial it is to set the permissions so as not to leave any loopholes for hackers.
Keep sensitive files safe
Some of your files store sensitive details, such as database information. Thus, you'd want to restrict unauthorised users from reading such files, as they can compromise your store's safety.
Magento file permissions have you covered here, and make it possible to restrict access to these files to your system users only.
Magento 2 Permission Types
Permission types encompass the set of actions a specific user can take. Magento uses octal values to define a combination of actions for different users. Some common permissions are 770, 660, 755, 644, etc.
It would make sense to sort out what each of the permissions gives access to in order to manage them more effectively. The table below will help us out.
| Permission | Access |
|---|---|
| 770 | Owner and Group: read, write, execute Others: no access |
| 660 | Owner and Group: read, write Others: no access |
| 755 | Owner: read, write, execute Group and Others: read, execute |
| 644 | Owner: read, write Group and Others: read |
| 775 | Owner and Group: read, write, execute Others: read, execute |
| 664 | Owner and Group: read, write Others: read |
| 777 | All users: read, write, execute |
It is generally recommended to set 770 for directories and 660 permissions for files in Magento 2. These are the most secure options that close your system from third-party users.
However, some systems may not support 770 and 660 permissions. In this case, you can go for 775 and 644, which are safe options that do not disclose full access to other users.
How to Set Magento File System Permissions?
We've established what types of Magento 2 file system permissions there are and what exactly they allow users to do. Now, it's time to learn how to set the permissions.
As you might know, permissions can be set for one or multiple users. A single-user mode is most common for the shared hosting environment, where one user manages all resources.
In the self-hosted environment, though, there are usually multiple users. They belong to the web server and command line groups. The former manages the Magento admin panel and the storefront, while the latter has access to your server and can run various tasks.
Let's now move to the practical part.
For a single user
To set permissions for a single user, navigate to your Magento root. Run the following command to set permissions for the directories:
find . -type d -exec chmod 755 {} \;
Next, continue with setting permissions for the files:
find . -type f -exec chmod 644 {} \;
In case you have to set permissions for specific directories, you can define them in the commands as follows:
find ./pub/static -type d -exec chmod 755 {} \;
For multiple users
The multiple-user setup is used less frequently than the single-user one. Still, it's implemented in some systems and implies dividing all users into the two groups we mentioned above.
Generally, the permissions for the group are set in the same way as for a single user. Still, there are some directories that the second group should be able to read and write to, such as var, generated, app/etc, pub/media, pub/static/, vendor, etc.
To set these permissions, run:
find var generated vendor pub/static pub/media app/etc -type d -exec chmod 775 {} \;
find var generated vendor pub/static pub/media app/etc -type f -exec chmod 664 {} \;
bin/magento should also be executable for the group:
chmod u+x bin/magento
To check the ownership, you can use the following command:
chown -R :<web server group> .
Best Magento File System Permissions Practices
At this point, you know what Magento permissions are and can easily set them for one or multiple users. However, before you do that, there are a few things you should keep in mind.
Don't open access to the sensitive files
First things first, identify the sensitive files that include your system details or other specific content. Then, when setting up permissions, make sure those files don't have open access and can only be read, written, and executed by your system users.
Granting public access to sensitive files can breach the security of your whole system. So, it's better to avoid such an outcome rather than deal with bitter consequences.
Avoid using the 777 permission
Following our previous point, try to avoid using the 777 permission permanently. This permission gives full access — read, write, and execute — for all users. This means that anyone can access and edit your files.
We don't have to explain what risks this can impose. Although the 777 permission is sometimes used as a quick fix, make sure you revert it once the issue is resolved. Besides, we strongly recommend not implementing the 777 permission on production.
Monitor file permissions regularly
Once you set the Magento 2 file system permissions, you ensure better software deployment and improve your store's security. Yet, that's not it.
It's important to regularly monitor your file permissions to avoid any slip-ups and unexpected permission issues. Doing that manually is a daunting task. Luckily, there are third-party tools, like the , that do the job for you.
Specifically, this Security tool monitors your system and prepares extensive reports. They help you keep the permissions aspect in check, determine what areas require your attention, and resolve vulnerabilities promptly.
Example of the security reports
Besides, this Security Checker sends you email notifications about any file changes. So, you can find and revert any unauthorised changes faster, avoiding irreversible issues.
By setting correct permissions and monitoring them regularly, you ensure better safety of your data and enhance the general Magento operation. But note that file permissions are not the only security measure you need to take to protect your store.
Thus, explore other Magento admin panel security tips to make sure your data is protected from other malicious actions too.
