Every Laravel and WordPress deployment hits the same friction point: the web server needs to write to certain directories (storage/, wp-content/uploads/), but your deploy user owns the files. The wrong answer is chmod 777. The right answer is chmod 775 combined with a shared group — it gives both your deploy process and the web server write access while keeping those directories closed to everyone else on the system.
chmod 775 means rwxrwxr-x. Owner and group get full read+write+execute (7). Others get read+execute only (5). Use it for Laravel storage/, bootstrap/cache/, and WordPress wp-content/uploads/ when the web server and deploy user share a group.
Need to calculate or convert a chmod mode?
Open Chmod Calculator →How 775 is calculated
rwxrwxr-x — owner and group full (7), others read + execute but no write (5). Green = granted, gray = denied.Owner: 7 = 4 (read) + 2 (write) + 1 (execute) = rwx
Group: 7 = 4 (read) + 2 (write) + 1 (execute) = rwx
Others: 5 = 4 (read) + 0 + 1 (execute) = r-x
Result: rwxrwxr-xThe critical difference from 777: others get r-x (read + execute) but not write. Only the owner and group members can create, modify, or delete files inside the directory.
The problem 775 solves
A typical deployment setup has two users that need write access to the same directory:
- Deploy user (e.g.
deployer) — runsgit pull,composer install, clears cache - Web server user (e.g.
www-data) — writes logs, cached views, uploaded files
If the directory owner is deployer and permissions are 755, www-data falls into "others" and can only read. Setting 777 lets www-data write, but so does every other user on the system. The correct fix is:
- Create a shared group (or use an existing one like
www-data) - Add both users to that group
- Set group ownership on the directory
- Set permissions to 775
Laravel setup: storage and bootstrap/cache
Laravel writes logs, cached views, compiled routes, and uploaded files to storage/ and bootstrap/cache/. These directories must be writable by the web server process:
# Step 1: Add your deploy user to the www-data group
sudo usermod -aG www-data deployer
# Step 2: Set group ownership
sudo chown -R deployer:www-data storage bootstrap/cache
# Step 3: Set 775 permissions
chmod -R 775 storage bootstrap/cache
# Optional: Set the setgid bit so new files inherit the group
chmod g+s storage bootstrap/cache
# Verify
ls -la storage/
# drwxrwxr-x app/
# drwxrwxr-x framework/
# drwxrwxr-x logs/The setgid bit (chmod g+s) ensures that files created inside the directory automatically inherit the www-data group rather than defaulting to the creating user's primary group. This prevents permission drift over time.
WordPress setup: wp-content/uploads
# Set group ownership to the web server user
sudo chown -R deployer:www-data wp-content/uploads
# Set 775 on the directory
chmod -R 775 wp-content/uploads
# Files inside the directory should be 664 (group-writable, not execute)
find wp-content/uploads -type f -exec chmod 664 {} \;Note the difference between the directory (775) and the files inside (664). Files do not need the execute bit, so 664 gives group write without making them executable.
Shared hosting caveat
On shared hosting, multiple customers share the same web server process user (e.g. nobody or www-data). In that environment, 775 gives other customers' PHP code write access to your directory. Use 755 instead, and make sure the web server user owns the directory:
# Shared hosting: owner is the web server user, use 755
chown -R www-data:www-data wp-content/uploads
chmod -R 755 wp-content/uploadschmod 775 vs other common modes
| Mode | Symbolic | Others can write? | Typical use |
|---|---|---|---|
| 777 | rwxrwxrwx | Yes | Avoid — world-writable security risk |
| 775 | rwxrwxr-x | No | Shared writable dirs (Laravel, WordPress, uploads) |
| 755 | rwxr-xr-x | No | Public dirs, executables (only owner writes) |
| 664 | rw-rw-r-- | No | Group-writable files (no execute) |
| 644 | rw-r--r-- | No | Web files, config files (only owner writes) |
Frequently Asked Questions
What does chmod 775 mean?
chmod 775 sets rwxrwxr-x. The owner and the group both get full read, write, and execute (7). Others can only read and execute (5) — they cannot write. It is the standard permission for shared directories where a deploy user and a web server user both need write access.
What is the difference between chmod 775 and chmod 777?
chmod 777 gives everyone on the system write access. chmod 775 restricts write to the owner and group only — others can read and execute but not modify. On a web server, 775 with the correct group is the safe alternative to 777 for writable directories. See why 777 is dangerous.
How do I set up chmod 775 for Laravel storage?
First add your deploy user to the web server group: sudo usermod -aG www-data deployer. Then: chown -R deployer:www-data storage bootstrap/cache && chmod -R 775 storage bootstrap/cache. Optionally add the setgid bit with chmod g+s storage bootstrap/cache to ensure new files inherit the group.
Should WordPress wp-content/uploads be 755 or 775?
If the web server user owns the uploads directory, 755 is enough — the owner (web server) can write. If a separate deploy user owns it and the web server is a different user in the same group, use 775. Never use 777, and on shared hosting use 755 with the web server as owner.
Is chmod 775 safe?
Yes, when the group is configured correctly. The group should contain only trusted users (your deploy user and the web server user). On shared hosting where untrusted customers share a group, 775 is not safe because it gives those customers write access — use 755 instead and ensure the web server user owns the directory.
Calculate any chmod permission instantly
Open Chmod Calculator →Related permission guides
- chmod 777: why it's a security risk — and how 775 solves the same problem safely
- chmod 755 explained — for public directories and executables
- chmod 644 explained — the standard for web files
- chmod 600 for SSH keys and .env files