[wp-hackers] Does WordPress do automatic updates as the user that owns the files?

Harry Metcalfe harry at dxw.com
Mon Aug 20 17:30:42 UTC 2012


I'm confused. The codex says:
> When you tell WordPress to perform an automatic update, all file 
> operations are performed as the user that owns the files, not as the 
> web server's user
http://codex.wordpress.org/Hardening_WordPress#Regarding_Automatic_Updates

I'm pretty confident that this is not the case for us, and I don't see 
how it can be the case for anyone without somehow allowing the web user 
to impersonate a shell user, which would surely not be sensible at all.

Is this just wrong? Or have I misread it? Or is something clever going 
on that I've failed to notice?

Harry


More information about the wp-hackers mailing list