[wp-trac] [WordPress Trac] #51340: Stop chmodding files and folders
WordPress Trac
noreply at wordpress.org
Fri Sep 18 08:38:34 UTC 2020
#51340: Stop chmodding files and folders
----------------------------+-----------------------------
Reporter: malthert | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Filesystem API | Version: trunk
Severity: major | Keywords:
Focuses: |
----------------------------+-----------------------------
WP's filesystem handler has a chmod function, that is used e.g. when
updating,...
To conform with standards, enforce proper usage of umask by the server
admin as well as avoid errors when the file owner is not the same as the
user running WP, WP should not be chmodding files whatsoever.
Linux, for obvious security reasons, only allows chmod for the owner of
the file (independent of permissions, except root).
Thus, it makes sense to have the WP files owned by user A, but run
php(-fpm) by user B.
When WP now tries to chmod, which it shouldnt, as we have established that
may cause a security issue, it will obviously create a PHP error.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51340>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list