Bug 717790 - wp-content/{plugins,uploads,upgrade} must be writeable for ftp user.
wp-content/{plugins,uploads,upgrade} must be writeable for ftp user.
Status: NEW
Product: Fedora EPEL
Classification: Fedora
Component: wordpress (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Remi Collet
Fedora Extras Quality Assurance
Depends On:
Blocks: 722591
  Show dependency treegraph
Reported: 2011-06-29 16:56 EDT by Matěj Cepl
Modified: 2018-04-11 02:26 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matěj Cepl 2011-06-29 16:56:57 EDT
Otherwise plugins cannot be managed, files uploaded. I did

chgrp -R ftp $WP_CONTENT/{plugins,upgrade,uploads}
chmod -R 775 $WP_CONTENT/{plugins,upgrade,uploads}

Any other groups are welcome
Comment 1 Bill McGonigle 2012-09-06 16:02:22 EDT
I'm using a wordpress user (for isolation; I should get vsftpd to lock it down to /usr/share/wordpress - I don't let it at /etc/wordpress) and for $WP_CONTENT/{blogs.dir,cache} I'm using wordpress:apache 775 (4775?).  

For EPEL6 I'm using the pecl-ssh2 module to use sftp but that's not in EL5, so I still have to use ftp.  I don't let it through iptables, so it feels a little bit less insane.

I forget if vsftpd can handle a "conf.d" directory, but if it does it might make sense to ship a hardened config for wordpress.
Comment 2 Viorel Tabara 2013-01-29 16:22:03 EST
Using wordpress-3.5-1.el6.noarch:

Actually the installer break FHS when it comes to 'wp-content' subdirs 
since the "apache:ftp" denotes 'modifiable data' and thus the correct 
location would be '/var/lib/wordpress' [1]. '/usr/share' is for data 
that "doesn't need to be modified" [2].

Moving forward, since specific plugins and themes are *included* with 
the package they should be kept under '/usr/share/'. I'm just starting 
to play with WP and don't know if that would be possible.

Comment 3 Adam Williamson 2013-05-18 14:17:57 EDT
These days Wordpress can install and update plugins (and probably themes and stuff) from its admin interface too, and our package doesn't allow that to work. Perhaps we need to re-consider where these directories are located as Viorel suggests, and the permissions and SELinux contexts...

right now I'm updating plugins by wgetting the zips onto the server and unzipping them, which is kind of a PITA.

Note You need to log in before you can comment on or make changes to this bug.