Setting up permissions for WordPress on Amazon EC2 (Amazon Linux)

See http://blog.david-jensen.com/development/wordpress-amazon-ec2-apache-permissions-wordpress/ among other Google results. He looks to have had good luck:

I have been doing my best to figure out the Amazon EC2 Apache setup of permissions to enable WordPress to be able to manage all of the files on my Amazon EC2 instance without WordPress asking for FTP permissions when I try to upload a plugin or theme via the Admin site. I ended up having to give file and group ownership of the files in my html folder to apache user for WordPress to run correctly. http://www.chrisabernethy.com/why-wordpress-asks-connection-info/ and its comments helped me reach this conclusion.

From the webpage:

Run

sudo su chown -R apache:apache /vol/html

I then set permissions to what the hardening WordPress guide recommends for my html root as all my WordPress files are there as I am running MultiSite with multiple domains.

find /vol/html/ -type d -exec chmod 755 {} \;find /vol/html/ -type f -exec chmod 644 {} \;

As apache doesn’t have a login I feel this is worth the risk though there is probably a better way to do this. I then added ec2-user to the apache group and changed the permissions of the wp-content folder to have group write permission 775.

useradd -G apache ec2-usersudo chmod -R 775 /vol/html/wp-content

This allows FileZilla or any other program logged in as ec2-user the ability to change files and folders in the wp-content folder only. If anyone has a better way of doing this I would like to know. I am only using SSH and SFTP to access the server with key files.

I set the owner to ec2-user:apache, then perform the hardening, then adjust the group read+write permissions for the folders.

sudo chown -R ec2-user:apache /vol/htmlsudo chmod -R 755 /vol/htmlsudo find /vol/html/ -type d -exec chmod 755 {} \;sudo find /vol/html/ -type f -exec chmod 644 {} \;sudo chgrp -R apache /vol/htmlsudo chmod -R g+rw /vol/htmlsudo chmod -R g+s /vol/html

Then edit /wordpress-install/wp-config.php and define the fs_method

define('FS_METHOD', 'direct');

Now wordpress can update/upload, etc. And you can still SFTP files without changing the permissions every time.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hosting-wordpress.html

To fix file permissions for the Apache web server

Some of the available features in WordPress require write access to the Apache document root (such as uploading media though the Administration screens). The web server runs as the apache user, so you need to add that user to the www group that was created in the LAMP web server tutorial.

Add the apache user to the www group.

[ec2-user wordpress]$ sudo usermod -a -G www apache Change the file ownership of /var/www and its contents to the apache user.

[ec2-user wordpress]$ sudo chown -R apache /var/www Change the group ownership of /var/www and its contents to the www group.

[ec2-user wordpress]$ sudo chgrp -R www /var/www Change the directory permissions of /var/www and its subdirectories to add group write permissions and to set the group ID on future subdirectories.

[ec2-user wordpress]$ sudo chmod 2775 /var/www [ec2-user wordpress]$ find /var/www -type d -exec sudo chmod 2775 {} \; Recursively change the file permissions of /var/www and its subdirectories to add group write permissions.

[ec2-user wordpress]$ find /var/www -type f -exec sudo chmod 0664 {} \; Restart the Apache web server to pick up the new group and permissions.

[ec2-user wordpress]$ sudo service httpd restart Stopping httpd:
[ OK ] Starting httpd: [ OK ]