In this section we are going to discuss on how we can set magento file system ownership and permissions:

• Why do we set file system permissions
• Magento File system ownership and permissions

Why do we set file system permissions

Being living in a internet age exploits are a real concern, in-order to prevent malicious exploits we need to take advantage of the file system by setting Magento file system ownership and permissions in a particular way. For more information, see Overview of ownership and permissions.

These are the things needs to keep in mind:

The Magento file system owner:
They must have the full control of all directories and files
This user must be kept as a different user not the web server user and the web server must have the write access to:

• var
• app/etc
• pub

Other than this folders and files web server user must own the files created by Magento Admin or other web-based utilities

So the recommended permissions is as follows:

• All folders must have permission 770.
  770 permissions give read/write/execute only to the owner and group and no permissions to others
• All files have  must have permission 660.
  660 permissions give read/write/ only to the owner and group and no permissions to others

File system permissions and ownership

The steps taken to set the permissions and ownership is as follows:

1. Change to the Magento installation directory:

cd /path/to/magento/root

Examples:
Ubuntu: /var/www/magento2
CentOS: /var/www/html/magento2

2. Set ownership:

chown -R : web server user.

Typical examples:CentOS: chown -R :apache .
Ubuntu: chown -R :www-data .

3. Set permissions:

sudo find . -type d -exec chmod 770 {} \; && sudo find . -type f -exec chmod 660 {} \; && sudo chmod u+x bin/magento

Hope this section helps to know about the magento file system ownership and permissions