After installing Magento 2, we have to update permission follow this guide: https://devdocs.magento.com/guides/v2.0/install-gde/prereq/file-system-perms.html
Basically, this guide does not work with some web server that uses Fast-CGI which use permission 755 for folders and 644 for files. But if Magento generates new files or directories, those will have the permission 770 and 660 again. You can edit those default chmod values in the following files:
/vendor/magento/framework/Filesystem/DriverInterface.php (WRITEABLE_DIRECTORY_MODE and WRITEABLE_FILE_MODE)
/lib/internal/Cm/Cache/Backend/File.php (directory_mode and file_mode)
Note: Editing files like this is never a good idea, but I suspect these chmod options are going to be configurable in the future, so I took the easy way.
etc folder permission
Sometimes we got the error “app/etc” is not writable (maybe when save cache). We need to grant correct permission for folder app/etc by the following command
$ chmod 770 -R app/etc $ chmod 666 -R app/etc/config.php app/etc/env.php $ chmod 660 -R app/etc/di.xml app/etc/NonComposerComponentRegistration.php app/etc/vendor_path.php