Bug 717790

Summary: wp-content/{plugins,uploads,upgrade} must be writeable for ftp user.
Product: [Fedora] Fedora EPEL Reporter: Matěj Cepl <mcepl>
Component: wordpressAssignee: Remi Collet <fedora>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: el6CC: awilliam, bill-bugzilla.redhat.com, mcepl, rcollet, viorel
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-30 14:59:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 722591    

Description Matěj Cepl 2011-06-29 20:56:57 UTC 
Otherwise plugins cannot be managed, files uploaded. I did

chgrp -R ftp $WP_CONTENT/{plugins,upgrade,uploads}
chmod -R 775 $WP_CONTENT/{plugins,upgrade,uploads}

Any other groups are welcome
Comment 1 Bill McGonigle 2012-09-06 20:02:22 UTC 
I'm using a wordpress user (for isolation; I should get vsftpd to lock it down to /usr/share/wordpress - I don't let it at /etc/wordpress) and for $WP_CONTENT/{blogs.dir,cache} I'm using wordpress:apache 775 (4775?).  

For EPEL6 I'm using the pecl-ssh2 module to use sftp but that's not in EL5, so I still have to use ftp.  I don't let it through iptables, so it feels a little bit less insane.

I forget if vsftpd can handle a "conf.d" directory, but if it does it might make sense to ship a hardened config for wordpress.
Comment 2 Viorel Tabara 2013-01-29 21:22:03 UTC 
Using wordpress-3.5-1.el6.noarch:

Actually the installer break FHS when it comes to 'wp-content' subdirs 
since the "apache:ftp" denotes 'modifiable data' and thus the correct 
location would be '/var/lib/wordpress' [1]. '/usr/share' is for data 
that "doesn't need to be modified" [2].

Moving forward, since specific plugins and themes are *included* with 
the package they should be kept under '/usr/share/'. I'm just starting 
to play with WP and don't know if that would be possible.


[2]:http://www.pathname.com/fhs/pub/fhs-2.3.html#VARLIBVARIABLESTATEINFORMATION 
[2]:http://www.pathname.com/fhs/pub/fhs-2.3.html#USRSHAREARCHITECTUREINDEPENDENTDATA
Comment 3 Adam Williamson 2013-05-18 18:17:57 UTC 
These days Wordpress can install and update plugins (and probably themes and stuff) from its admin interface too, and our package doesn't allow that to work. Perhaps we need to re-consider where these directories are located as Viorel suggests, and the permissions and SELinux contexts...

right now I'm updating plugins by wgetting the zips onto the server and unzipping them, which is kind of a PITA.
Comment 4 Ben Cotton 2020-11-05 16:47:46 UTC 
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged  change the 'version' to a later Fedora version prior this bug is closed as described in the policy above.
Comment 5 Ben Cotton 2020-11-30 14:59:55 UTC 
EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
EPEL please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.