[wp-trac] [WordPress Trac] #8400: Plugin upgrade not possible
without being script owner
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 27 14:39:48 GMT 2008
#8400: Plugin upgrade not possible without being script owner
---------------------+------------------------------------------------------
Reporter: sigvei | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 2.8
Component: Plugins | Version: 2.6
Severity: normal | Keywords:
---------------------+------------------------------------------------------
In my server setup, I have wordpress located in $HOME/wordpress, and that
is symlinked to a public www directory. The files in $HOME/wordpress are
owned by me, with www-data (webserver's group) as group owner. Files and
directories are readable and writable by both owner and group. This means
I won't have to have root access to upgrade wordpress, and yet I am still
able to edit plugin and theme files.
This means plugin upgrades should be possible. However,
get_filesystem_method in wp-admin/includes/file.php checks whether direct
access is possible by doing this:
{{{
$temp_file = wp_tempnam();
if ( getmyuid() == fileowner($temp_file) )
$method = 'direct';
unlink($temp_file);
}}}
With a standard server setup, $temp_file will be owned by the user owning
wp-admin/update.php. In my setup, that means this check fails.
I am not quite at the patch stage here, as I am not quite sure of the
permission needs of plugin update files. But testing whether the owner of
update.php is the same as the owner of the apache process seems like a
clear bug to me. It isn't relevant to the task.
--
Ticket URL: <http://trac.wordpress.org/ticket/8400>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list