[wp-hackers] wp-filesystem

DD32 wordpress at dd32.id.au
Sun Mar 2 09:52:38 GMT 2008

The wp-filesystem stuff is simply a wrapper that allows WordPress to access the filesystem as the same user as the user who owns the blog.

Let me give a quick explanation of why its needed:
As i'm sure you know, in a Multi-user system, every user has a seperate username, All the files they create are owned by that user.
File systems are designed with security in mind, A user cannot modify another users files unless they've specifically been granted that permission.

Most web servers run as a seperate user (On linux with Apache, This is generally the 'apache', 'www', or 'daemon' user), Here is where the problem lies, Most web servers simply execute the PHP code as that user, And so comes the problem when wordpress attempts to modify a file(ie. a plugin file). The PHP code is running as 'daemon' and attempts to edit a file owned by 'dd32', Most servers will prevent that, as the security layer kicks in.

So, The wp-filesystem wrapper is designed to access the filesystem via ftp OR via direct filesystem functions IF the server is setup to allow it(ie. Windows & IIS, or SuExec under linux), At present for beta testing, Its hard-coded to only do ftp, it'll have that limit removed for release.
By connecting via FTP, It allows WordPress to modify its own files, As while connected via ftp its the user 'dd32' accessing 'dd32's files, And so, everything works correctly.

So in short, ALL it does, is a Filesystem wrapper.
If it needs to connect via ftp, it prompts the user for the user/pass details (I believe it remembers the hostname and whatnot?, just not the password).

The plugin-upgrader simply downloads the latest .zip file from wordpress.org, Initates a wp-filesystem connection, removes the old files, installs the latest files, disconnects to filesystem connection, and its done.

The filesystem information does NOT need to be set during the installer, as its only ever needed once a function which utilises it is called, At present, Thats only the plugin-upgrader, But it'll also be tied to the plugin-installer, It could also be utilised by the plugin/theme/file editor, and the config generator.

Sorry for the ramble, Hopefully it'll be of some use to you.

On Sun, 02 Mar 2008 14:47:29 +1100, spencerp <theone.andonly.mr.awesome at gmail.com> wrote:

> Just curious, how could/would this be configured AFTER an installation?
> I heard that it could be configured DURING an installation (If this is
> correct right?), but what-if someone already has all their blogs setup,
> running SVN, and already had TRUNK (2.5) there?
> Or am I missing this all together? Can someone explain this
> feature/function(s) in short, but easily understandable detail? =) I
> read through the comments on the ticket, but it's still a little bit
> confusing. http://trac.wordpress.org/ticket/5586
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list