Set Magento 2 File Permissions Correctly
Magento 2 file permissions are one of the most common reasons why stores break after running setup:upgrade, setup:di:compile, or deploying static content. If permissions are wrong, Magento cannot write files, cache fails, and the site may show 500 errors. In this guide, you’ll learn how to set Magento 2 file permissions correctly for both single-user and multi-user servers.
Understanding Magento 2 File Permissions
Before fixing Magento file permissions, you need to understand three basic concepts in Linux:
- Owner – the user who owns the file
- Group – a group of users who share access
- Permission – read (r), write (w), execute (x)
Common permission values:
- 755 = owner can write, others can read
- 775 = owner and group can write
- 644 = file readable by all, writable by owner
Magento needs write access to some folders, but most of the system should stay read-only for security.
Magento File Permissions for Single-User Servers
A single-user setup means:
- SSH user = web server user (nginx/apache)
This is the simplest and safest model.
Recommended setup:
cd /var/www/magento
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chmod +x bin/magento
chmod -R 775 var generated pub/static pub/media
Why this works:
- Core files stay protected
- Magento can write to:
- var
- generated
- pub/static
- pub/media
This setup prevents most Magento 2 file permissions issues.
Magento File Permissions for Multi-User Servers
Multi-user setup means:
- One user runs SSH commands
- Another user runs web server
This often causes permission denied errors.
Step 1: Create a shared group
sudo groupadd magento
sudo usermod -a -G magento www-data
sudo usermod -a -G magento youruser
Step 2: Change ownership
sudo chown -R youruser:magento /var/www/magento
Step 3: Set group permissions
find . -type d -exec chmod 775 {} \;
find . -type f -exec chmod 664 {} \;
chmod g+s .
chmod +x bin/magento
chmod -R 775 var generated pub/static pub/media
Now both users can write safely without breaking Magento 2 file permissions.
Recommended Magento File Permissions by Folder
| Folder/File | Permission | Reason |
| app/ | 755 | Read-only code |
| vendor/ | 755 | Composer files |
| var/ | 755 | Cache, logs |
| generated/ | 755 | DI compile |
| pub/static/ | 755 | Static deploy |
| pub/media/ | 755 | Uploads |
| bin/magento | 755 | Executable |
| .htaccess | 644 | Read-only |
Why Magento Breaks After setup:upgrade or setup:di:compile
Magento 2 file permissions often break because:
- Commands are run as a different user
- New files get wrong owner
- Web server cannot read/write them
- Result: 500 error, blank page, or admin down
Example:
- You run
setup:di:compileas root - Files become owned by root
- Web server cannot access them
- Site crashes
How to Fix Permission Errors Step by Step
1. Go to Magento root
2. Reset ownership
sudo chown -R youruser:magento /var/www/magento
3. Reset permissions
find . -type d -exec chmod 775 {} \;
find . -type f -exec chmod 664 {} \;
chmod -R 775 var generated pub/static pub/media
chmod +x bin/magento
4. Clear generated folders
rm -rf var/cache var/page_cache generated/*
5. Run Magento commands again
Security Tips for permission config
- Never use 777 in production
- Never run Magento as root
- Keep app/ and vendor/ read-only
- Only allow write access where needed
- Always fix permissions after deploy
Correct Magento file permissions protect your store from both errors and attacks.
Conclusion
Magento file permissions are critical for a stable and secure store. Most broken setups come from wrong ownership or permissions, especially after running setup:upgrade or setup:di:compile.
If your store feels unstable, don’t panic—our full Magento services team is ready to help you fix permission issues, improve performance, and grow your business. Explore all our services.
Set Magento 2 file permissions correctly from day one, and you’ll avoid many painful production issues later.
