Setting project permissions (folders, files) to Fixed
Meaning of groups created on the server
- UserAccounts: Primary account only group (auto-generated, required)
- adm : Permission to view system logs (usually required for administrator accounts, not needed for normal operations)
- cdrom Access to a CD/DVD device (not necessary these days unless you have a CD-ROM on your server)
- sudo : Use administrator privileges (required)
- dip : Dialup/PPP network related (for old modems, rarely needed)
- www-data : Webserver account group (Debian/Ubuntu Apache-Nginx default)
- plugdev Access to hotplug devices like USB (not necessary if the server doesn't use USB)
- lpadmin : Printer Manager (not necessary if you don't use printers on the server)
- lxd : Manage LXD/LXC containers (not necessary if you don't use Proxmox or LXD directly)
- sambashare : Access to Samba shared directories (not necessary if you don't use Windows sharing)
- docker : Docker administrative privileges (required for Docker write)
- www : When installing aaPanel, there is a case of using the web server account (need to confirm the account running OpenLiteSpeed/Nginx)
- webdev : Group created by yourself (user_group + www tied together to manage web development, highly recommended ✅)
🔎 Check the list of groups
# View a list of all groups
cat /etc/group👉 This file contains the GroupName:x:GID:User1,User2,... It should look something like this.
🔎 See which users are in a specific group
# Example: The webdev group
getent group webdevExample output:
webdev:x:1002:user_group,www→ In the webdev group user_group, www is included.
1) Add www-data to the webdev group + OK
Add the # group
sudo usermod -aG webdev www-data
Restart PHP-FPM to reflect #
Verify that # www-data is in webdev
id www-data
# → webdev should be visible in the groups list🔎 See all groups the current user belongs to
groups user_group✅ Fixed folder permissions standard
- Owner: user_group
- Groups:
webdev - Directory:
2775(including setgid → new ones are also automatically added to thewebdev) - File:
664 - Special Files:
wp-config.php→ Β640 - Special Folders:
wp-content/uploads,wp-content/plugins,wp-content/themes→ Β775Keep
1) Set projects permissions
cd /www/wwwroot/projects
Change the # owner/group
sudo chown -R user_group:webdev .
Fix # folder permissions
sudo find . -type d -exec chmod 2775 {} \;
Fix # file permissions
sudo find . -type f -exec chmod 664 {} \;
# Secure wp-config.php
sudo chmod 640 wp-config.php
# wp-content write folder
sudo chmod -R 775 wp-content/uploads wp-content/plugins wp-content/themes2) Instant Read Test (immediately check if permissions are OK)
# Attempt to read wp-config.php with www-data permissions
sudo -u www-data head -n 3 /www/wwwroot/projects/wp-config.php
If you see the content without # errors, you're good to go📌 How to manage
- When installing a new WordPress project, run the same set of commands as above → Run the Setting fixed permissions Setup complete.
- The permissions are No Dev/Ops separation.
- If you need to make a manual fix during production, just use the
user_groupSign in to your account → clickwebdevNo problem, thanks to group permissions.
Β Weed
한국어 
简体中文 
English 
Español 
Português 
العربية 
日本語 
Deutsch 
Français 
Nederlands 
Svenska 
Norsk bokmål 
Dansk