Permission change after setup:upgrade
See my answer to this question.
The problem here is that newly generated files are owned by the user and group who issues the command $USER:$USER
, where they should belong to $USER:www-data
or $USER:apache
. Because apache2 does not have access to the group $USER
, the website cannot be properly served.
In order to retain proper permissions, magento commands should be executed as the apache user.
For example:
Ubuntu
$ sudo -u www-data php bin/magento setup:upgrade
CentOS
$ sudo -u apache php bin/magento setup:upgrade
This way, new files are owned by www-data:www-data
(in the case of ubuntu).
So long as you have properly followed Magento's documentation with regards to permissions and added the cli user to the apache2 group, then you will have proper access to the files.
If you did not follow this documentation then you can execute the following command to do so:
Ubuntu
$ sudo usermod -a -G www-data $USER
CentOS
$ sudo usermod -a -G apache $USER
Note:
In order that commands can be executed without declaring the apache2 user, Daniel's answer explains that we can modify how the Magento framework sets permissions for new files.