Permissions / Wordpress on Bitnami/AWS

Glad to hear that. This is the best approach to edit the WordPress files remotely.

Hi Beltran,
To be able to edit my wordpress php files directly, I ran this command:

$ sudo chown daemon:daemon /opt/bitnami/apps/wordpress/htdocs

Now, I am getting a 403 forbidden when trying to access any wordpress page

my site is: wears.me.

Can you help? Thanks!

Hi @alexinternet,

What else have you changed? Just changing the htdocs permissions to daemon shouldn’t be doing what you said.
If you want to try, the default permissions in AWS are bitnami:daemon, so you can check if executing

$ sudo chown bitnami:daemon /opt/bitnami/apps/wordpress/htdocs

it works again, but I think it is not going to work. Could you please give us more information? Have you changed any configuration file? Could you post here the content of your Apache log files?

Best regards,
Carlos

Hi Carlos, the only other thing I changed is moved my wordpress site to the root using this command:

$ sudo /opt/bitnami/apps/wordpress/bnconfig --appurl /

To fix my “403 forbidden” issue, I just ran the following commands to regain access to everything:

$ sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/
$ sudo find /opt/bitnami/apps/wordpress/htdocs/ -type f -exec chmod 664 {} \;
$ sudo find /opt/bitnami/apps/wordpress/htdocs/ -type d -exec chmod 775 {} \;

So, any suggestion on what command to run to edit my wordpress files? I still see:
“You need to make this file writable before you can save your changes” in my WordPress theme editor UI

Thanks!

1 Like

Which file is it asking for permissions? Which permissions does it have?

Best regards,
Carlos

So i found a general catch all solution that seems to have worked for me.

People have been saying to change the owner of the files, but you can preempt the need to change the owner by editing the Apache configuration file at:

/opt/bitnami/apache2/conf/httpd.conf

scroll down to the section just after the DSO module loadings and just after the PHP lines where it says:
(please note that I changed the normal <> tags to [ ] because of some sort of limitation in posting code here)
BEGIN CODE

[IfModule unixd_module]
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User daemon
Group daemon

[/IfModule]’
END CODE

Simply change User daemon to User bitnami and then run these commands:

/opt/bitnami/apache2/scripts/ctl.sh stop apache2
/opt/bitnami/apache2/scripts/ctl.sh start apache2

Hi @cwvanderreyden

although it works, we encourage people not to do it unless they really want to do it this way, and only if they know what are the problems that can face with this modification. We configure the user and group as daemon because this is one of the best ways to secure the Apache server from hackers and exploiters.

If you set the user and group as “bitnami”, and someone finds an exploit or hack your Wordpress (or any app under this configuration), depending on the hack/exploit, they could be able to access to your machine and run shell commands. Using the “daemon” user and group, they won’t be able to do it, as it is secured.

Best regards.

Where to run this? In FTP? I don’t know anything plz help.

Hi @nagaraj116,

You must log into that machine through a protocol called SSH (stands for Secure Shell). The guide for doing it with AWS is here.

If after following the advices posted above you couldn’t solve your issue, do not hesitate to write us back here (or, maybe, on another topic you can create).

Best regards,

David Gonzalez

@dgonzalez Thanks for your response. Actually, I tried as in the tutorial for many times but nothing worked.

Hi @nagaraj116

If you run that command you will give permission to the folder /opt/bitnami/apps/wordpress/htdocs but not to the files inside that folder. If you want to give permission to all the files, you must run this command:

sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs

If you have any questions do not hesitate to ask, thank you.

Hope it helps.

Best regards,
Alejandro.

1 Like

Hi,

The link does not work? Can you please resent it.

Thank you,
Neha

Hi @kpatelneha23,

That link was pointing to our old documentation site.
Please, find below the answer:

For security reasons, WordPress files are not editable from the WordPress application itself [using WordPress’ built in Theme Editor]. If you are using a Virtual Machine or a Cloud Image, we would suggest to use a FTP client to edit the files remotely.

Another option is to change the permissions to be able to edit from the WordPress application temporary. Note that this configuration is not secure so please revert it after editing the files temporarily:

$ sudo chown -R daemon:daemon /opt/bitnami/apps/wordpress/htdocs
# To revert this change you can run the following command:
$ sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs

Is there anything else that we can help you with?

Best regards,

David González

1 Like

When I need to modify WP sites, sometimes I need to modify the files through FTP, and sometimes I need to modify the files through the WP-admin panel. I’ve tried everything on this post and more, but nothing seems to work properly - including @cwvanderreyden 's modification of the httpd.conf file. Nothing works except for changing the owner of htdocs back and forth from bitnami and daemon, and it’s time consuming and tedious, especially on the sites where there are other users that need to modify using the WP-admin panel.

Does anyone have any other solution, or suggestion on where I could be going wrong with @cwvanderreyden 's fix? (I made extra sure to stop and restart the script and tried it multiple times.)

Hi @spencerfcloud
We strongly discourage the solution that implies modification of httpd.conf file.

Since Bitnami WordPress Stack 4.6.1-1

… it should be possible to edit files from the WordPress admin panel without any modification.


If you are using an older version of WordPress

… and you want to modify files from WP-admin panel you need to grant permissions to Apache to modify those files.
But by doing that you allow Apache to interpret other files that may be maliciously placed next to the files you want to edit.

That’s the reason why you need to change permissions back and forth if you want to stay secure.

For security reasons, WordPress files are not editable from the WordPress application itself [using WordPress’ built in Theme Editor]. If you are using a Virtual Machine or a Cloud Image, we would suggest to use a FTP client to edit the files remotely.

Another option is to change the permissions to be able to edit from the WordPress application temporary. Note that this configuration is not secure so please revert it after editing the files temporarily:

$ sudo chown -R daemon:daemon /opt/bitnami/apps/wordpress/htdocs
# To revert this change you can run the following command:
$ sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs

Hope this helps.

Regards,
Jorge

@jorgemarin There must be something wrong with my setup then. I’m using WordPress version 4.7.4 and I need to use ‘sudo chown’ every time I want to switch permissions to edit the WP files or use the WP-admin panel. Do you know what might be wrong?

Hi @spencerfcloud

That is a feature of the command chmod. You can’t change the ownership of a file unless you’re an owner of that file.

There are a few cases on stackoverfow talking about it:
https://askubuntu.com/questions/95985/is-it-possible-to-change-ownership-of-a-file-without-root-access

@dbarranco Thanks, but I realize that. I was pointing out that @jorgemarin said [quote=“jorgemarin, post:18, topic:11883”]
Since Bitnami WordPress Stack 4.6.1-1

… it should be possible to edit files from the WordPress admin panel without any modification.
[/quote]

However, I have the Bitnami WordPress Stack 4.7.4, but I still need to switch back and forth using chmod in order to edit files from the WordPress Admin panel or the folders themselves using SFTP.

Are you saying this is a purposeful feature of the Bitnami WordPress configuration? If that’s the case, then that’s fine, but I may have to switch to a less time-consuming service that doesn’t require people to switch permissions when they want to modify their files. But if that’s not the case, then something must be wrong with my configuration.

Thanks

Hello @spencerfcloud

If you’re using a Bitnami WordPress Stack 4.7.4, you should be able to modify to edit files using both the WordPress Admin panel and FTP.

As you can see in the output of the command ls -la /opt/bitnami/apps/wordpress/htdocs/ below, both user bitnami (the one used on SFTP connections) and daemon (the one used when using the WP Admin pannel) have writing permissions on a fresh installation:

ls -la /opt/bitnami/apps/wordpress/htdocs/
total 196
drwxrwxr-x  5 bitnami daemon  4096 Apr 24 09:31 .
drwxr-xr-x  6 root    root    4096 Apr 24 09:35 ..
-rw-rw-r--  1 bitnami daemon   418 Sep 25  2013 index.php
-rw-rw-r--  1 bitnami daemon 19935 Jan  2 18:51 license.txt
-rw-rw-r--  1 bitnami daemon  7433 Jan 11 17:46 readme.html
-rw-rw-r--  1 bitnami daemon  5447 Sep 27  2016 wp-activate.php
drwxrwxr-x  9 bitnami daemon  4096 Apr 24 09:33 wp-admin
-rw-rw-r--  1 bitnami daemon   364 Dec 19  2015 wp-blog-header.php
-rw-rw-r--  1 bitnami daemon  1627 Aug 29  2016 wp-comments-post.php
-rw-r-----  1 bitnami daemon  4096 May  8 09:20 wp-config.php
drwxrwxr-x  6 bitnami daemon  4096 Apr 24 09:33 wp-content
-rw-rw-r--  1 bitnami daemon  3286 May 24  2015 wp-cron.php
drwxrwxr-x 18 bitnami daemon 12288 Apr 24 09:31 wp-includes
-rw-rw-r--  1 bitnami daemon  2422 Nov 21 02:46 wp-links-opml.php
-rw-rw-r--  1 bitnami daemon  3301 Oct 25  2016 wp-load.php
-rw-rw-r--  1 bitnami daemon 33939 Nov 21 02:46 wp-login.php
-rw-rw-r--  1 bitnami daemon  8048 Jan 11 05:15 wp-mail.php
-rw-rw-r--  1 bitnami daemon 16255 Apr  6 18:23 wp-settings.php
-rw-rw-r--  1 bitnami daemon 29896 Oct 19  2016 wp-signup.php
-rw-rw-r--  1 bitnami daemon  4513 Oct 14  2016 wp-trackback.php
-rw-rw-r--  1 bitnami daemon  3065 Aug 31  2016 xmlrpc.php 

Could you please describe step-by-step how to reproduce your issue when editing files?

Best Regards,

Juan Ariza

Thanks Juan,

For this issue, I:

  1. Log into my AWS EC2 Management Console
  2. Create a key pair for the new site and store it in a safe space on my computer
  3. Launch a new EC2 instance using “WordPress Powered by Bitnami”, the t2.micro instance
  4. Pair it with the key pair that was just created
  5. Modify permissions of the .pem file by typing 'chmod 600 ’ then adding the path to the key pair
  6. Log into the Bitnami phpMyAdmin interface
  7. Add the local database I was using to the Bitnami database
  8. Using FileZilla, create a new site connection
    a. Host = IPv4 Public IP Address on EC2 Instance
    b. Protocol = SFTP - SSH File Transfer Protocol
    c. Logon Type = Key file
    d. User = “bitnami”
    e. Key file = Location of key file saved from earlier
  9. Upload the local files of the website to opt/bitnami/apps/wordpress/htdocs file using the FTP connection
  10. Modify the wp-config.php file so that DB_PASSWORD option equals password found in EC2 management console log
  11. Use the interconnect/it tool to search and replace all instances of the local URL with the live URL (currently, whatever the IPv4 address is until the site is ready to go live)
  12. Remove the Bitnami manage tag using sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1

At this point, I can only edit files using the FTP backend. If I try to edit anything using the WordPress admin panel, I get the message “To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host”. Then, there are 3 fields for the Hostname, FTP Username, and FTP Password, but there isn’t anything I can type in here since the FTP connection is established with a Key Pair, not username or password.

If there’s anything you can do to help. Or if you have any questions about the process. Please let me know.