Add SFTP user with required permissions for Nginx with PHP-FPM
When you buy your own VPS for your WordPress site, you won't get a default file transfer user (other than root). If you use a non-root user, you will get permission errors. This post shows how to fix those permission issues when you add an SFTP user with Nginx and PHP-FPM.
I am using Debian 9 for this tutorial, so I am assuming you are using PHP 7.
- Create a new user with the correct home folder
- Make the FTP user a member of the www-data group
- Configure Nginx to run as the FTP user
- Configure PHP-FPM to run as ftpuser in the www-data group
- Fix permissions
Create SFTP user
Create a new FTP user with /var/www as its home folder
sudo useradd -d /var/www/ ftpuser
Set a password for ftpuser. When prompted for the password, you won't see the characters as you type.
sudo passwd ftpuser
Add ftpuser to the www-data group
sudo usermod -aG www-data ftpuser
Your new FTP user is now a member of the right group and has the correct home folder.
Changing the Nginx user
Open the Nginx configuration
sudo nano /etc/nginx/nginx.conf
Change the user value to ftpuser
# andreyex.ru nginx configuration
user ftpuser;
worker_processes auto;
pid /run/nginx.pid;
Check if the Nginx syntax is correct
sudo nginx -t
You should receive these confirmation messages
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Nginx will now run as the FTP user.
PHP-FPM user change
Open the PHP-FPM configuration
sudo nano /etc/php/7.0/fpm/pool.d/www.conf
Change the user value to ftpuser
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = ftpuser
group = www-data
PHP-FPM syntax check
sudo php-fpm7.0 -t
You should see this success message
[25-Mar-2017 07:05:24] NOTICE: configuration file /etc/php/7.0/fpm/php-fpm.conf test is successful
PHP-FPM is now configured to act as ftpuser.
Fixing permissions
Recursively change ownership of the home folder to ftpuser and the www-data group
sudo chown -R ftpuser:www-data /var/www
Set 775 on folders so that ftpuser and the www-data group can read, write and enter them
sudo find /var/www/ -type d -exec chmod 775 {} +
Set 664 on files so that ftpuser and the www-data group can write files
sudo find /var/www/ -type f -exec chmod 664 {} +
Change ownership of the /var/lib/nginx folder
sudo chown -R ftpuser:www-data /var/lib/nginx
Change ownership of the log folder
sudo chown -R ftpuser:www-data /var/log/nginx
Change ownership of the PHP session folder
sudo chown -R ftpuser:www-data /var/lib/php/sessions
Finishing up
Now the services just need to be restarted
sudo service php7.0-fpm restart
sudo service nginx restart
You should now be able to upload files via SFTP without any permission issues.
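To confirm that the web root matches what the Fixing permissions steps set, the following check lists every path whose owner, group or mode differs from ftpuser:www-data, 775 for folders and 664 for files, and also lists anything world-writable. It is an added example, not part of the original tutorial; the function names and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a web root against the ownership and modes
# set in this tutorial (ftpuser:www-data, folders 775, files 664).
# Call it as:  audit_webroot /var/www ftpuser www-data

# Helper (hypothetical name): print "label<TAB>path" for every path under
# the given root that matches the find predicates passed after the label.
flag() {
    flag_root=$1
    flag_label=$2
    shift 2
    find "$flag_root" "$@" -print | while IFS= read -r path; do
        printf '%s\t%s\n' "$flag_label" "$path"
    done
}

# Returns 0 and prints nothing when everything matches;
# returns 1 and prints one line per finding otherwise.
audit_webroot() {
    root=${1:-/var/www}
    owner=${2:-ftpuser}
    group=${3:-www-data}
    findings=$(
        flag "$root" wrong-owner    ! -user "$owner"
        flag "$root" wrong-group    ! -group "$group"
        flag "$root" dir-not-775    -type d ! -perm 775
        flag "$root" file-not-664   -type f ! -perm 664
        # Writable by "other": more open than anything this tutorial sets.
        flag "$root" world-writable ! -type l -perm -0002
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Run it again after uploading over SFTP: new files take their mode from the upload client and umask, so they can differ from the 664 set here.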