[wp-trac] Re: [WordPress Trac] #8794: Allow Automatical upgrade to use direct method when files are group writable

WordPress Trac wp-trac at lists.automattic.com
Mon Jan 5 03:42:52 GMT 2009 

#8794: Allow Automatical upgrade to use direct method when files are group
writable
-------------------------------------+--------------------------------------
 Reporter:  vilhelmk                 |        Owner:     
     Type:  enhancement              |       Status:  new
 Priority:  normal                   |    Milestone:  2.8
Component:  Upgrade                  |      Version:  2.8
 Severity:  normal                   |   Resolution:     
 Keywords:  has-patch needs-testing  |  
-------------------------------------+--------------------------------------
Comment (by vilhelmk):

 Replying to [comment:1 DD32]:
 > Would it be required for WordPress to change the owner of the files to
 the users username as well? (ie. in this case, the files would get written
 as www-data:www-data assuming the web servers username/groupname is that,
 instead of dd32:www-data)

 In my use-case it would *not* be required for wordpress to change any
 ownership of the files (or more specifically group ownership).

 To clarify what the patch fixes, here's the use-case where I experienced
 this bug and therefore fixed it:

   - All directories in the wordpress installation has the g+ws flags,
 where the "s" means "sticky", which again means that the permissions
 (group writable) will follow on new files, including who owns the files.

   - The web-server runs each virtualhost (or wordpress installation) under
 different uid/gid's specified by the apache2-mpm-itk-module in apache,
 making it easier for multiple unix users to have access to all files
 (including the ones wordpress creates) on the same
 virtualhost/installation, by putting them all in the same unix group and
 setting all files to g+ws.

 I guess that would make it easier to test :-).


 > Theres been a few tickets where this idea has been closed off due to the
 above concern, but since you've submitted a patch, worth looking at.
 >
 > I guess: {{{fileperms($temp_file) & 0x0010}}} is checking if its group-
 writable? (Or have i misunderstood g+w as group writable instead of
 globally-writable? if the latter, i'd seriously highly not suggest it)

 Yes, 0x0010 is group-writable (also see php.net/fileperms).

-- 
Ticket URL: <http://trac.wordpress.org/ticket/8794#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list