[wp-testers] perms

Brian Layman wp-testers at thecodecave.com
Mon Jan 3 17:27:50 UTC 2011 

On 1/3/2011 11:19 AM, Klein, Stephen wrote:
> I seem to be having some perms issues for auto-updater, auto plugin loader and auto-theme installer.
> [..]
> The documentation/recommendations suggest 755, so I am a little confused.
>
> Is there something that is set incorrectly?  Maybe setfacl?

Hey, my mother-in-law works for CUNY too...

Anyway, yeah.. permissions...   So you've heard "Directories should be 
755 and files should be 644."

Part of the story here is that the final permissions needs vary from 
machine to machine.   Depending upon the configuration of groups, users, 
and services, you could find you are giving more or less configuration 
than expected I could see 700 acting the same as a 777.  Even though 
your configuration is me(user): me(group), the me(group) could have 
several other users included - such as Apache or even nobody. That would 
be unusual, but definitely a possibility.  It sounds like you could be 
running Apache with suphp which runs as the individual user.

In the end, the 755/644 advice is more accurately stated as:
Start with 755 for directories and 644 for files and then adjust from 
there as needed to make your site work as expected. The end goal is the 
lowest numbers/least permissions possible for the features you want.

If you are willing to add a step to "Unlock" your site before applying 
updates/adding new plugins - that's even more secure.

I posted on this subject in the last couple months.. hmmm... here:
"The answer to: How do you set directories to 755 and files to 644?"
http://thecodecave.com/2010/11/11/how-do-you-set-directories-to-755-and-files-to-644/

I'd love to get any improvement suggestions for those scripts by any 
bash heads on the list..

If you have any further questions on the permissions, you'll probably 
get a better response from http://wordpress.org/support/.  This list is 
more related to issues around improve the core of WordPress than support 
issues.

-- 

Brian Layman
http://eHermitsInc.com
Managed WordPress Hosting


Stephen

More information about the wp-testers mailing list