Magento 1.x Software Support Notice

For Magento Commerce 1, Magento is providing software support through June 2020. Depending on your Magento Commerce 1 version, software support may include both quality fixes and security patches. Please review our Magento Software Lifecycle Policy to see how your version of Magento Commerce 1 is supported.

For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.

Before You Install Magento: Recommended File System Ownership and Privileges

Edit this page on GitHub

Table of Contents


In a continuing effort to improve security and ease of use, Magento is updating its recommendations for file system permissions and ownership for the following Magento editions:

The guidelines discussed in this article apply to:

importantImportant: This topic contains suggestions based on our experience. They are not requirements because we don't know the details of your deployment. Consult your hosting provider, a qualified security specialist, or an experienced system administrator for advice about specific security settings.


This article uses the following terminology:

Hosted system
A Magento server located on a hosting provider. A hosted system typically does not enable you to elevate to root. The web server typically runs as an ordinary user. Magento assumes you log in as this user to start and stop the web server and that you already own all the files and directories in the Magento installation directory. You can use chmod to change permissions on files and directories.
Dedicated system
A Magento server you control and operate. Unlike a hosted system, you can elevate to root and, as root, you can use the chown and chmod commands to set ownership and privileges in the Magento installation directory.

Recommended Privileges and Ownership Before You Install Magento

This section discusses Magento's pre-installation recommended privilege and ownership settings, which are as follows:

Note: On a dedicated system, all commands discussed in this article must be entered as a user with root privileges.

After you extract the Magento installation package, set ownership and permissions as follows:

  1. Dedicated Magento server only. Find the web server user:
    • Apache:
      • Ubuntu: grep User /etc/apache2/apache2.conf
      • CentOS: grep User /etc/httpd/conf/httpd.conf

        Note: The preceding paths are samples only. The paths to these .conf files on your system might be different. You can use the command whereis nginx to find the location of the configuration files.

      Typically, the Apache web server user on CentOS is apache and the Apache web server user on Ubuntu is www-data.
    • nginx: Open the nginx configuration file, typically /etc/nginx/nginx.conf. The user directive specifies the username. It might run as the Apache user if Apache is installed on the same system.
  2. Change to the Magento installation directory.
  3. Dedicated Magento server only. Enter the following command to set ownership of the Magento installation directory and all its subdirectories:
    chown -R web-server-user-name .
    For example, on Ubuntu where Apache usually runs as www-data, enter
    chown -R www-data .
  4. Enter the following commands to set directory permissions to 700 and file permissions to 600:
    find . -type d -exec chmod 700 {} +
    find . -type f -exec chmod 600 {} +

For More Information

For more information about UNIX permissions, see the following resources: