SSH vs Wordpress

To modify files via SSH I need to have the files owned by ubuntu:www-data. But for wordpress to be able to install or update plugins I need to have the files owned by www-data:www-data. Any way around changing ownership all the time aside from manually adding the plugins? I have tried setting file/folder permissions to 664 and 775, 2664 and 2775, but it doesn't help. Not sure what the difference is between 644 and 664 or 775 and 755 if the users in the group aren't allowed to do stuff anyways.

Message received when trying to install a plugin via the front-end: To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host.



Not sure what the difference is between 644 and 664 or 775 and 755 if the users in the group aren't allowed to do stuff anyways.

You get three types of permissions: Read (r) value 4 - view the contents of the file, Write (w) value 2 - change the file content, Execute (x) value 1 - run the file as a program.

So the first three characters, rw-, refer to the Owner. You have 6, which means you get three values that must add up to six: 4 + 2 = 6. That means the Owner can view the contents and can write to the files and make any other modification, so it looks like this: rw-.

The group Owner is next in line and the Group Owner has read with 4 and read and write with 6.

Everyone else is represented by the last digit, in other words anyone who is not the owner or group owner.

So 4 means everyone else can only read the files as it should be.

So:

644 = rw-r--r--
664 = rw-rw-r--

File permissions are extremely important on WordPress.

The permission on files should be 664 = rw-rw-r--. This is a permission on a VPS, not a shared host.

Permission for files are 664 and directories are 775. The owner is your user and the group owner is the web server www-data.

That is how you should be setting up your permissions on a VPS.

As far as the why, it has to do with the security principle called the Principle of Least Privilege. You can learn more about the why and the Principle of Least Privilege here: https://codex.wordpress.org/Hardening_WordPress


Before messing with your server permissions, I would first try to use autoupdate via FTP.

Add this to your wp-config.php file:

/*
    See: http://codex.wordpress.org/Editing_wp-config.php#Override_of_default_file_permissions for alternative methods.
*/
define('FS_METHOD', 'direct'); // try also 'ftpext' or 'ftpsockets'
define('FTP_USER', 'YOUR FTP LOGIN');
define('FTP_PASS', 'YOUR FTP PASSWORD');
define('FTP_HOST', 'YOUR FTP HOST (without http:// or ftp://)');
define('FTP_SSL', false);

Checking what permissions you are actually setting is always a good idea before just doing so.

644 = Owner Read/Write, Group Read, Others Read
664 = Owner Read/Write, Group Read/Write, Others Read

4 - Read, 2 - Write, 1 - Execute

You can see from sequence above 644 the first number 6 would be 4+2, Read+Write. It's always OWNER/GROUP/OTHERS, so first number owner, second group, etc.

Set files to 664, and directories to 775. I actually wrote a script a few years ago to do this automatically (you may need to change 644 to 664 and 755 to 775): https://github.com/tripflex/scripts/blob/master/chmodwp

You would need to set write permissions for the group www-data, which is why you use 664 and 775.

Do you only get this issue when you do edit files via SSH? There's a couple things you could do if the issue was the user/group, including using runuser

http://www.cyberciti.biz/open-source/command-line-hacks/linux-run-command-as-different-user/

Could just set up an alias for when you edit files, if that's what you're doing.

The problem you're having is because WordPress can't write to the files on your server. Make sure your parent directory www or public_html is set to the right user:group and has the right permissions.
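
The 664/775 layout recommended in the answers above can be checked before anything is changed. The script below is an added example, not part of any answer and not the linked chmodwp script; the function names, the /var/www/html path and the ubuntu/www-data defaults are assumptions.

```sh
#!/bin/sh
# Added example: audit a WordPress tree against the layout the answers describe
# (files 664, directories 775, owner = your SSH user, group = www-data).
# Function names and the default ubuntu/www-data arguments are assumptions.

# Regular files whose mode is not exactly 664 (rw-rw-r--).
wp_bad_files() {
    find "$1" -type f ! -perm 664
}

# Directories whose mode is not exactly 775 (rwxrwxr-x).
# A setgid directory (2775) is also listed, because the match is exact.
wp_bad_dirs() {
    find "$1" -type d ! -perm 775
}

# Entries not owned by user $2 or not in group $3 (names or numeric ids).
wp_bad_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \)
}

# Reset only the entries that deviate; run as the owner or as root.
wp_fix_modes() {
    find "$1" -type f ! -perm 664 -exec chmod 664 {} +
    find "$1" -type d ! -perm 775 -exec chmod 775 {} +
}

# Usage: sh wp-perms.sh /var/www/html [owner] [group]   (path is an assumption)
if [ "$#" -ge 1 ]; then
    root=$1 owner=${2:-ubuntu} group=${3:-www-data}
    echo "Files not 664:";        wp_bad_files "$root"
    echo "Directories not 775:";  wp_bad_dirs "$root"
    echo "Not $owner:$group:";    wp_bad_owner "$root" "$owner" "$group"
fi
```

Run the audit first and read the three lists; call wp_fix_modes only once the ownership list is empty, since chmod alone does not change who owns a file.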


You either want to be highly secure or not. If security is important to you, you're just not going to let the web server write to anywhere except for the uploads directory, which means no automatic updates (which IMO is a good thing for other reasons as well). If you do want the functionality, just set up an FTP server with a very complex password.
