[wp-trac] [WordPress Trac] #27568: Wordpress automatic updates are breaking unix rights
WordPress Trac
noreply at wordpress.org
Fri Mar 28 08:12:33 UTC 2014
#27568: Wordpress automatic updates are breaking unix rights
-------------------------------+------------------------------
Reporter: zigooo | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: trunk
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
-------------------------------+------------------------------
Changes (by dd32):
* keywords: => reporter-feedback
Comment:
If the automatically detected settings are not good for your system, you
can define the 'FS_CHMOD_FILE' and 'FS_CHMOD_DIR' constants in your wp-
config.php file, using octal notation:
{{{
define( 'FS_CHMOD_FILE', 0755 );
}}}
Ref for where WordPress sets the constants:
https://core.trac.wordpress.org/browser/trunk/src/wp-
admin/includes/file.php#L908
Previously: #20069
> On each and every upgrade, wordpress completely destroys the unix rights
of itself, removing the "world executable" bit from the PHP scripts, and
adding a "world writable" bit to directories (which by the way is a very
bad thing to do security wise).
This sounds strange to me, based on the above code, WordPress sets file
permissions based on `ABSPATH` and `ABSPATH/index.php`, requiring a
minimum of 755 for directories, and 644 for files, but if the executable
bit is set on index.php, that should also be set by default.
Perhaps you can do some tests for us and debug the above constants to see
why they're being set incorrectly?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27568#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list