[wp-edu] For those who host WordPress sites for others...a question on how to let a site owner update plugins

Tim Owens genial at gmail.com
Tue Oct 1 14:41:15 UTC 2013

A user with the ability to install and update plugins will always have the
ability to delete them. There's no way on an operating-system level of
distinguishing between those two actions (in Linux that's write-level
access). If they're on their own VM with just a single Wordpress install
just give them admin access to that install. They don't need to be root on
the box, they just need the same account that owns the Wordpress files.
Your sysadmin can setup an account for them, chown the folders and files
for the Wordpress install, and then give them those credentials and it
should work.

-Tim Owens

On Tue, Oct 1, 2013 at 10:28 AM, Dixie Lang <ddlang at wisc.edu> wrote:

> Greetings fellow WordPress users,
> Background:
> I work in an IT department that provides WordPress hosting and support for
> three academic departments. Our users are mostly faculty and grad students,
> and the sites focus on their research labs.
> We maintain a WP multisite with about 55 sites. As the multisite sysadmin,
> I manage the themes, plugins and WP core files. I also create child themes
> and write plugins.
> Most of our sites are very simple and require little content maintenance
> (very few blog). One lab group, however, wanted social media plugins that
> did not play well with the multisite. I moved them to a separate Linux VM
> running Apache with a single WordPress installation.
> The lab owner (a faculty member) wants to be able to install and configure
> plugins on his own so he can play with Twitter plugins. He is currently
> admin on the site.
> Technical Implementation Question
> Is it possible to give a site admin on a single WP installation the
> ability to install, update, and configure plugins, but not delete them or
> touch core?
> I talked with our Linux sysadmin, and we have thought of 3 possible ways
> to do this:
> 1) By plugin
> 2) Through the VM, by creating a Linux user account then letting him enter
> than information in the WP connection screen
> 3) (worst case) Give him SSH access to the plugins folder on the VM and
> let him use a tool like WinSCP to upload the files
> Re #2, the posts I found in the WP Codex led me to believe that the user
> account entered into the WP connection screen must be in the www-data group
> or root group. That is a higher security priv that our Linux sysadmin
> prefers to give him.
> Thank you in advance for any guidance you can provide.
> Sincerely,
> Dixie Lang
> Web Developer
> Russell Labs Computing
> University of Wisconsin-Madison
> _______________________________________________
> wp-edu mailing list
> wp-edu at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.automattic.com/pipermail/wp-edu/attachments/20131001/ced3ea72/attachment.html>

More information about the wp-edu mailing list