[wp-trac] Re: [WordPress Trac] #7779: Automatic plugin upgrade doesn't detect the effective uid correctly.

WordPress Trac wp-trac at lists.automattic.com
Wed Oct 15 00:14:05 GMT 2008

#7779: Automatic plugin upgrade doesn't detect the effective uid correctly.
 Reporter:  jamuraa            |        Owner:  DD32   
     Type:  defect             |       Status:  closed 
 Priority:  normal             |    Milestone:         
Component:  Administration     |      Version:  2.6.1  
 Severity:  normal             |   Resolution:  invalid
 Keywords:  reporter-feedback  |  
Changes (by DD32):

  * status:  new => closed
  * resolution:  => invalid


 webserver runs as user www-data
 files are owned by jamuraa
 webserver runs the php script as user www-data

 getmyuid() returns jamuraa
 posix_getuid() returns www-data
 $temp_file gets written with owner www-data

 Then the idea was, That you should '''not''' use the Direct FS access
 because files created by the web server are not owned by the same user
 that owns the WordPress files, It creates headaches when a user comes
 along and wants to delete a file via FTP, and finds that, because they're
 running as user xyz and not www-data, they cant delete files out of their
 own directory.

 Now, Some Server setups are as such that users CAN delete files created by
 the web server(because the group bits are set correctly & the user is part
 of the group), but there are a number which disallow it as well.

 If you want to force Direct FS access rather than FTP, You may do so by
 returning 'direct' on the filter [http://trac.wordpress.org/browser/trunk
 /wp-admin/includes/file.php#L610 filesystem_method] I'll get around to
 releasing a plugin which can override all the FS defaults at some stage..

Ticket URL: <http://trac.wordpress.org/ticket/7779#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list