[wp-hackers] Does WordPress do automatic updates as the user that owns the files?
Harry Metcalfe
harry at dxw.com
Mon Aug 20 17:30:42 UTC 2012
I'm confused. The codex says:
> When you tell WordPress to perform an automatic update, all file
> operations are performed as the user that owns the files, not as the
> web server's user
http://codex.wordpress.org/Hardening_WordPress#Regarding_Automatic_Updates
I'm pretty confident that this is not the case for us, and I don't see
how it can be the case for anyone without somehow allowing the web user
to impersonate a shell user, which would surely not be sensible at all.
Is this just wrong? Or have I misread it? Or is something clever going
on that I've failed to notice?
Harry
More information about the wp-hackers
mailing list