How To Set Magento 2 File/ Folder Permissions?

Magento 2 includes more advantages than its first version - Magento 1. The technologies and innovations used in Magento 2 make your store’s performance more seamless, secure, and reliable than ever before.

However, when you migrate from Magento 1 to Magento 2 or are inexperienced in this field, you might get some setting and configuration problems. Magento 2.3.x permission is one of them.

If you don’t know what to do with permissions on your Magento 2 versions installation or are messed up, you’ve come to the right place.

In this article, I will talk about Magento 2 file/ folder permissions and shed light on how to set file/ folder permissions for Magento 2 properly.

Table of contents:

• How to set Magento 2 File Permissions?
  • Set permissions for shared hosting (one user)
    • Required permissions
    • 4 Step to make code files and directories read-only
    • 3 Steps to make code files and directories writable
  • Set permissions for private hosting (two users)
    • Set up two owners for default or developer mode
    • Set up two owners for production mode
      • Make code files and directories read-only
      • Make code files and directories writable
• Conclusion

How to set Magento 2 File Permissions?

Depending on whether you use shared permissions or private server, the setting procedures will differ.

Set permissions for shared hosting (one user)

Usually, shared hosting allows logging into the server as one user. The user may log in, then transfer files using FTP, and this user also runs the web server.

To apply the one-owner setup, you must log in to your Magento as the same user utilizing the server.

Having only one file system owner, it can be insecure. That’s why we advise you to deploy Magento in production on a private server instead of on shared hosting if it’s possible.

Required permissions

After logging in to the Magento server, the user has to access to write the following directories:

• vendor

• app/code (only for production mode)

• app/etc

• pub/static

• var (only for default or developer mode)

• Any other static resources

• generated/code

• generated/metadata

• var/view_preprocessed

When it comes to deploying your site to production mode, the same directories should be disabled for write permissions to increase the security level.

If you want to update or install new components or just upgrade the Magento software, every preceding directory needs to be read-write.

You can set these permissions by choosing between the command line and a file manager application.

As the file manager provided by your hosting service is confidential, we will give you an overall solution for the setting made via the command line.

4 Step to make code files and directories read-only

• Step 1: First, you have to log in to your Magento server.

• Step 2: Then, move to your Magento installation directory.

• Step 3: Next, your job’s to to enter the following command to change to production mode:

bin/magento deploy:mode:set production

• Step 4: Finally, remove write permissions to the following directories.

find app/code var/view_preprocessed vendor pub/static app/etc generated/code generated/metadata \( -type f -or -type d \) -exec chmod u-w {} + && chmod o-rwx app/etc/env.php && chmod u+x bin/magento

3 Steps to make code files and directories writable

To update components and upgrade the Magento software, you need to make files and directories writable

• Step 1: Sign in to the Magento server.

• Step 2: Navigate to your Magento installation directory.

• Step 3: Enter the following command: chmod -R u+w .

Set permissions for private hosting (two users)

When you’re server owner (either a hosting provider’s or private server setup), there are 2 main types of users:

• The web server user: Runs the Magento Admin (including the Setup Wizard) and storefront. However, Linux systems don’t offer a shell for this user. So you couldn’t log in to the Magento server as, or switch to, the web server user.

• The command-line user: Can log in to your Magento server as or switch to, also referred to as the Magento file system owner. Magento uses this user for running Magento CLI commands and cron. This user is

We recommend you make a share group to which they belong as their users access the same files. You can see

Moving to the next procedures, we will presume that you have already done it.

Set up two owners for default or developer mode

Users in developer and default mode must have the write access to following directories:

• var

• generated

• pub/static

• pub/media

• app/etc

To set setgid and permissions for developer mode:

• Step 1: You need to log in to your Magento server as, or switch to, the Magento file system owner.

• Step 2: Enter those commands

cd <magento_root>
find var generated pub/static pub/media app/etc -type f -exec chmod g+w {} + && 
find var generated pub/static pub/media app/etc -type d -exec chmod g+ws {} + 

Set up two owners for production mode

Before deploying your site to production, we advise you to disable the writable access from files in the following directories for security improvement:

• vendor

• app/code

• app/etc

• lib

• pub/static

• Any other static resources

• generated/code

• generated/metadata

• var/view_preprocessed

Make code files and directories read-only

To disable writable permissions to files and directories from the web server user’s group, follow 4 steps below:

• Step 1: First, log in to your Magento server.

• Step 2: After that, move to your Magento installation directory.

• Step 3: Enter the below command to turn to production mode

bin/magento deploy:mode:set production

• Step 4: Finally, enter the following command as a user with root privileges:

find app/code lib pub/static app/etc generated/code generated/metadata var/view_preprocessed \( -type d -or -type f \) -exec chmod g-w {} + && chmod o-rwx app/etc/env.php

Make code files and directories writable

To make files and directories writable so you can update components and upgrade the Magento software:

• Step 1: First, sign in the Magento server.

• Step 2: Navigate to the Magento installation directory.

• Step 3: Enter the following command:

find app/code lib var generated vendor pub/static pub/media app/etc \( -type d -or -type f \) -exec chmod g+w {} + && chmod o+rwx app/etc/env.php

Conclusion

I hope all the information above will be useful for you.

If you’re searching for an extension to protect all your store’s sensitive information, the Admin Permissions module is tailored for Magento e-commerce. It can help you allocate permissions for different admin users effectively.