Magento Filesystem Permissions
This is an old revision of the document!
This article will give an idea about file and folder permissions required by Magento.
If you are not familiar with UNIX style permissions please read one of the articles found here:
Magento is a web application, or set of scripts, which are interpreted by a PHP executable, which in it’s turn is invoked by a web service process (ex. apache).
Magento will have as much access permissions to the file system as the user under which PHP executable was invoked.
If apache is configured to run PHP using mod_php module, then Magento will be run under same user apache runs (ex. apache, nobody)
In this case the simplest way to make necessary files writable is to give them 777 (world writable) permission, although this is far not the most secure way.
The other possibility is to assign the files apache process’ user’s group (apache or nobody), and set permissions to 664 for files and 775 for folders. 775 for files will work too.
If apache is configured to use suEXEC (http://httpd.apache.org/docs/1.3/suexec.html) or suPHP (http://www.suphp.org/) then it will run under the same user you use for FTP or shell access. This will be possible only with CGI or FCGI configuration.
With this configuration all entry point PHP scripts (files that are directly accessed by apache, ex. index.php, js/proxy.php) and folders they are located in can not have world writable permissions, or apache Error 500 will be thrown.
Because all the files are writable by the same user as FTP and shell, there’s no need for any special permissions.
During normal operation of Magento store only 2 folders need to be writable:
- /media - for web accessible files, such as product images
- /var - for temporary (cache, session) and import/export files
During installation Magento Install Wizard will create app/etc/local.xml file which contains database configuration and global encryption key for your Magento copy.
Meaning app/etc folder has to be writable to web service.
If you wish to use web based downloader for installation, upgrades or MagentoConnect extensions installation, you will need to have write permissions on ALL magento files including the root Magento folder.
Alternatively, if you do not like to make all files and folders writable to the web service, it is possible to install and upgrade Magento from shell, using command line PEAR instructions, such as:
# all commands are to be ran from the root Magento folder. # help on all available PEAR commands: ./pear help # initial installation from downloader package: ./pear mage-setup . ./pear install magento-core/Mage_All_Latest # install additional extension: ./pear install magento-community/Some_Extension # list available upgrades ./pear list-upgrades # upgrade a package ./pear upgrade magento-core/Mage_Package # uninstall a package ./pear uninstall magento-community/Unwanted_Package