Add SFTP user with required permissions for Nginx with PHP-FPM

When you buy your own VPS for your WordPress site, you won’t get a default file transfer user (other than root). If you use a non-root user, you will get permission errors. This post shows you how to fix those permission issues when you add an SFTP user with Nginx and PHP-FPM.

I am using Debian 9 for this tutorial, so I am assuming you are using PHP 7.

Add SFTP user with required permissions for Nginx with PHP-FPM

  • Create a new user with the right home folder
  • The FTP user becomes a member of the www-data group
  • Nginx is configured to run as the FTP user
  • PHP-FPM runs as ftpuser in the www-data group
  • Correct Permissions

Create SFTP user

Create a new FTP user with /var/www as its home folder

sudo useradd -d /var/www/ ftpuser

Set a password for ftpuser. When prompted for the password, you won’t see the characters as you type!

sudo passwd ftpuser

Add ftpuser to the www-data group

sudo usermod -aG www-data ftpuser

Your new FTP user is now a member of the right group and has the correct home folder.

Changing the Nginx user

Open the Nginx configuration

sudo nano /etc/nginx/nginx.conf

Change the user value to ftpuser

# nginx configuration
user ftpuser;
worker_processes auto;
pid /run/;

Check if the Nginx syntax is correct

sudo nginx -t

You should receive these confirmation messages

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Nginx will now run as ftpuser.

PHP-FPM user change

Open the PHP-FPM configuration

sudo nano /etc/php/7.0/fpm/pool.d/www.conf

Change the user value to ftpuser

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = ftpuser
group = www-data

PHP-FPM syntax check

sudo php-fpm7.0 -t

You should see this success message

[25-Mar-2017 07:05:24] NOTICE: configuration file /etc/php/7.0/fpm/php-fpm.conf test is successful

PHP-FPM is now configured to act as ftpuser.

Fixing permissions

Recursively change ownership of the home folder to ftpuser and the www-data group

sudo chown -R ftpuser:www-data /var/www

Set 775 for folders so that ftpuser and the www-data group can write to them

sudo find /var/www/ -type d -exec chmod 775 {} +

Set 664 for files so that ftpuser and the www-data group can write files

sudo find /var/www/ -type f -exec chmod 664 {} +

Change ownership of the /var/lib/nginx folder

sudo chown -R ftpuser:www-data /var/lib/nginx

Change ownership of the log folder

sudo chown -R ftpuser:www-data /var/log/nginx

Change ownership of the PHP session folder

sudo chown -R ftpuser:www-data /var/lib/php/sessions


Now the services just need to be restarted

sudo service php7.0-fpm restart
sudo service nginx restart

You should now be able to upload files via SFTP without any permissions issue.
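
To confirm that the ownership and mode changes from the "Fixing permissions" step took effect, and to spot files that drift from them later, the following check lists every path under the web root that deviates from that scheme. It is an added example, not part of the original tutorial; the function name audit_webroot is made up here, and its defaults are the values used above.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults are the post's values
# (/var/www, ftpuser, www-data, 775 for folders, 664 for files);
# audit_webroot is a name made up for this example.
#
# Prints one line per deviating path, prefixed with the reason.
# Exit status: 0 = tree matches the scheme, 1 = deviations found, 2 = audit failed.
audit_webroot() (
    root=${1:-/var/www}
    owner=${2:-ftpuser}
    group=${3:-www-data}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 2; }

    findings=$(
        # Owner or group differs from what "chown -R" set.
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) \
            -exec printf 'OWNER %s\n' {} + &&
        # Writable by every local account; symlinks show 777 on Linux, skip them.
        find "$root" ! -type l -perm -002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} + &&
        # Folders that are not exactly 775 (also catches setgid/sticky bits).
        find "$root" -type d ! -perm 775 ! -perm -002 \
            -exec printf 'DIRMODE %s\n' {} + &&
        # Regular files that are not exactly 664 (e.g. executable or setuid files).
        find "$root" -type f ! -perm 664 ! -perm -002 \
            -exec printf 'FILEMODE %s\n' {} +
    ) || { echo "find reported an error; result is incomplete" >&2; exit 2; }

    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)
```

After sourcing the file, call `audit_webroot /var/www ftpuser www-data` with sudo rights or as ftpuser; an empty output with exit status 0 means the tree matches the scheme.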