How to fix the inability to write to the generated/code directory in Magento 2

- E-Commerce, Fire development, Magento 2

Magento 2 export CLI

We’ve already explored a case related to exceptions during the Magento 2 installation. Below, you will see how to fix a similar problem that occurs after you successfully install the software. Since exceptions display when you try to access your storefront or admin, you cannot write to the generated/code directory. More tips are available in this article: Magento 2 Cookbook.

Issue

In some cases, it is necessary to enable the developer mode to see the exceptions. For instance, you may face the following ones:

Solution

Since Magento 2 recommends different ownership and permissions settings for different users to run the application, you may meet the exceptions mentioned above and, as a result, the inability to write to the generated/code directory in Magento 2.

Although it is recommended to have one user on shared hosting and two users on private hosting, the system has some exceptions to this. Let’s briefly describe Magento 2 requirements to ownership and permissions.

The core purpose behind this block of settings is security. You want to make your online business as safe as possible, even in a development environment. Thus, preventing unauthorized access and potentially harmful things is a number one reason to use different ownership and permissions configurations.

File system owner in Magento 2

The Magento 2 file system owner is a user able to write to files in the Magento 2 file system. This term is sometimes a synonym of the command-line user and may refer to any of the following:

  • A single user of shared hosting who can log in to the Magento server to run it and transfer files via FTP. You can implement a umask if there is a single user for further access restriction.
  • Several users from a shared group. This situation is typical for private hosting or your server. Although it is not possible to log in to the server and switch to the webserver user to manage everything, you have separate users:
    • One for the webserver to run the Magento 2 backend and frontend;
    • And another one to run cron jobs and command-line utilities (a command-line user). You can use this local account to log in to the server.

Note that write permissions to the Magento file system may be necessary for both the webserver and command-line users. Write access is required for the developer mode. You provide them with permissions via a shared group to which they belong.
Also, note that private hosting has its unique requirements. To let the shared group write to the Magento 2 file system, use the default 002 umask.

Another important topic that we won’t discuss here is Pre-installation ownership and permissions. Check it before installing the Magento 2 software.

How to configure a umask

To make your e-commerce business more secure, Magento 2 offers a umask – a tool that enables restrict access to different levels of your website. Being also called a file system creation mask; it is a set of bits. The purpose of each bit is to control and restrict the corresponding permissions set for newly created files.

A default three-bit mask for Magento 2 is 002. You subtract it from the UNIX standards:

  • 666 – for files;
  • 777 – for directories.

As a result, you have 664 for files which are writable for both the user and the group. As for the others, they are only readable. 775 for directories makes them fully controllable for both the user and the group, just like in the case of files. Everyone else can traverse the directory. You can find more information about magento_umask here: Optionally set a umask.

Note that different permissions and ownership are recommended for default, developer, and production modes. You can read more information here: Magento ownership and permissions. For more details on how to write to the generated/code directory in Magento 2, follow this link: Magento 2 exceptions after installation.