[wp-trac] [WordPress Trac] #33966: Wordpress file ownership.

WordPress Trac noreply at wordpress.org
Wed Sep 23 10:07:13 UTC 2015


#33966: Wordpress file ownership.
----------------------------+-----------------------------
 Reporter:  blakemoore123   |       Owner:
     Type:  defect (bug)    |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  Filesystem API  |     Version:  4.3.1
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:  administration
----------------------------+-----------------------------

Comment (by blakemoore123):

 Hi @dd32 ,

 Couldn't, but if a directory has rwx for example the below:

 `drwxrwxr-- 1 ftpuser www-data 3.0K Aug 19 03:19 wp-content`

 Any user in the 'www-data' group '''will''' have access to write to the
 wp-content directory. All you need to do is set either ACLs or set sticky
 bits on the directories in questions.

 Surely file permissions should be left up to the end client or a hosting
 providers' sysadmin (thats me in this case). If there are any errors with
 writing to files, just print them!

 We have 10,000s of customers who don't want suPHP or php-fpm they just
 want mod_php and an ftp user.

 If you have 10 WordPress sites on one server all writable by www-data and
 one gets hacked... (I understand you promote suPHP, but i don't think
 everyone uses it.)

 I understand that this wont change, so let's agree to disagree :-)



 Please can you point me to some documentation which advises how to setup
 WordPress with correct permissions and i can look at sending this out to
 my colleagues.

 Cheers

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33966#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list