Apache or nginx - You Gotta Get Your Permissions Sorted

One of the most confusing parts that I encountered when initially deploying Symfony apps were the extra permissions commands needed as described here.

Fortunately when following these tutorials, you should not need to go through enabling the Ubuntu ACL. From all my testing on Digital Ocean, I have not needed to complete that process. Though often I would on Virtual Machines, so be aware of it.

We will need to run the setfacl commands.

If we don't do this then Symfony will complain about permissions problems when trying to create the environment cache directories.

At this stage you most likely do not yet have a web directory created for your project.

For my example, I will be using the path of:


This will be my project's root directory on the web server.

This is also the path we have told our LAMP and LEMP webserver configs to expect to find our files.

From the server, let's start by creating this directory structure, if you haven't already done so:

mkdir /var/www/crvfakeexample.com

Next, let's change the owning user and group from root to www-data:

chown www-data:www-data /var/www/crvfakeexample.com

At this point we have our initial directory structure, but Symfony expects a little further from us.

We must make sure that Symfony can write to the var directory, for purposes like our cache, sessions, and logs directory contents.

Fortunately, Symfony provides us with the commands.

But, before we can use them, we need to do one further thing:

mkdir /var/www/crvfakeexample.com/var
chown www-data:www-data /var/www/crvfakeexample.com/var

The setfacl commands below expect the var directory to exist.

With this in place, we can now follow the instructions from the official docs:

HTTPDUSER=$(ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1)
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:$(whoami):rwX var
sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:$(whoami):rwX var

This should be as simply as copy / paste.