I am a fan of AWS Lightsail but there are some things that I found problematic with the Bitnami setup. I was having some minor issues with permissions and I wanted to see if this was a common issue. This topic made me wonder why they didn’t use ACL (Access Control Lists) by default.
I decided to help out with this issue by explaining how to configure ACL to alleviate the majority of these woes.
The permissions in the code below are the permissions found in Bitnami’s docs. I kept these the same as their recommendations (with minor improvements).
First, let’s install ACL:
sudo apt-get install acl
With ACL installed, we can define default permissions. For the WordPress setup, I used this:
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/
sudo chmod g+s /opt/bitnami/apps/wordpress/htdocs/
sudo setfacl -R -d -m u::rwx /opt/bitnami/apps/wordpress/htdocs/
sudo setfacl -R -d -m g::rwx /opt/bitnami/apps/wordpress/htdocs/
sudo setfacl -R -d -m o::rx /opt/bitnami/apps/wordpress/htdocs/
This will ensure that the user and the group always have access.
If for whatever reason you still have permission issues, they can be fixed by running (you should only need to do this once after you specify the ACL rules, if at all):
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/
I will also include the proper permissions in case you feel the need to manually set the file and directory permissions: (this is not needed but left here for legacy permission settings as this is what should be used instead of what this thread shows)
sudo find /opt/bitnami/apps/wordpress/htdocs/ -type d -exec chmod 2775 {} \;
sudo find /opt/bitnami/apps/wordpress/htdocs/ -type f -exec chmod 2664 {} \;
It should be noted that I did not include how to harden WordPress with ACL. That should be pretty straightforward if you read the docs on it. This post is only to show the basic setup of ACL, which I feel should be the default on the instances using Bitnami.
I also use letsencrypt, so I will show you the ACL for that part too:
sudo mkdir -p /opt/bitnami/apps/wordpress/letsencrypt/live
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/letsencrypt/
sudo chmod g+s /opt/bitnami/apps/wordpress/letsencrypt/
sudo setfacl -R -d -m u::rwx /opt/bitnami/apps/wordpress/letsencrypt/
sudo setfacl -R -d -m g::rwx /opt/bitnami/apps/wordpress/letsencrypt/
sudo setfacl -R -d -m o::rx /opt/bitnami/apps/wordpress/letsencrypt/
The logic is the same as above. Below are also the correct legacy permissions:
sudo find /opt/bitnami/apps/wordpress/letsencrypt/ -type d -exec chmod 2775 {} \;
sudo find /opt/bitnami/apps/wordpress/letsencrypt/ -type f -exec chmod 2664 {} \;
Hopefully this will help others that come here with permission issues.
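A read-only check of the layout this post sets up, as an added example that is not part of the original post: it lists paths that have drifted from the setgid, group-write and other-read-only settings above. The function names are hypothetical, and `has_default_acl` assumes `getfacl` from the `acl` package installed earlier.

```shell
#!/bin/sh
# Added example: read-only audit of a tree against the layout set up in the post.
# Nothing is modified; each check prints the offending paths, one per line.

# Directories without the setgid bit (new files there would not inherit the group).
dirs_missing_setgid() { find "$1" -type d ! -perm -2000; }

# Files or directories the group cannot write (the post grants g::rwx, 2775, 2664).
group_not_writable() { find "$1" \( -type f -o -type d \) ! -perm -0020; }

# Files or directories writable by "other" (the post grants o::rx only).
world_writable() { find "$1" \( -type f -o -type d \) -perm -0002; }

# Paths not owned by the expected user and group (bitnami:daemon in the post).
wrong_owner() { find "$1" \( ! -user "$2" -o ! -group "$3" \); }

# Default ACL on the top directory.
# Exit status: 0 = present, 1 = missing, 2 = getfacl not installed.
has_default_acl() {
    command -v getfacl >/dev/null 2>&1 || return 2
    getfacl -d -p "$1" 2>/dev/null | grep -q 'user::'
}

# Number of findings across the three permission-bit checks, printed as an integer.
count_findings() {
    {
        dirs_missing_setgid "$1"
        group_not_writable "$1"
        world_writable "$1"
    } | wc -l | tr -d ' '
}

# Example calls for the path used in the post (assumed to exist on the instance):
#   count_findings /opt/bitnami/apps/wordpress/htdocs/
#   wrong_owner /opt/bitnami/apps/wordpress/htdocs/ bitnami daemon
#   has_default_acl /opt/bitnami/apps/wordpress/htdocs/; echo "default ACL status: $?"
```

A count of 0 together with a `has_default_acl` status of 0 means the tree matches the setup above, so the one-off `chown -R` repair should not be needed.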