[wp-trac] [WordPress Trac] #10895: theme upload / delete fails due to update.php / themes.php ownership
WordPress Trac
wp-trac at lists.automattic.com
Sat Oct 3 19:00:19 UTC 2009
#10895: theme upload / delete fails due to update.php / themes.php ownership
--------------------------+-------------------------------------------------
 Reporter:  foresto       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Unassigned
Component:  General       |     Version:
 Severity:  normal        |    Keywords:
--------------------------+-------------------------------------------------
WordPress 2.8.4 theme uploads through the admin UI are failing due to a
file ownership issue, even when file ownership and permissions are set
exactly as recommended in the WordPress docs:

"All files should be owned by your user account on your web server, and
should be writable by your username. Any file that needs write access from
WordPress should be group-owned by the user account used by the
webserver."

"For core WordPress files, all should be writable only by your user
account."

http://codex.wordpress.org/Changing_File_Permissions
http://wordpress.org/docs/en/handbook/2.7/#sysadmin.permissions

I had the ownerships and permissions set exactly as recommended by the
WordPress web site, yet uploading a theme still failed. It also failed
when I gave the WordPress/Apache process full permissions on *every* file
and directory in the whole installation. It finally worked when I changed
the ownership of "wp-admin/update.php" to be that of the Apache user.
Mind you, WordPress already had full rights to that file; changing the
ownership didn't give it any more abilities than it already had.

It seems WordPress is arbitrarily failing because it thinks update.php
should be owned by the Apache user, even though that goes contrary to
wordpress.org recommendations and standard Unix security practices.

There is a similar problem deleting a theme when "wp-admin/themes.php" is
not owned by the Apache user.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10895>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
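
An added example, not part of the original ticket or of WordPress: a POSIX shell check that separates the two conditions the report distinguishes, whether the checking user can write a file and whether a given uid owns it, for the two scripts named above. It assumes GNU stat; the function names, the www-data account and the install path in the usage comment are illustrative assumptions.

```sh
#!/bin/sh
# Added example (not WordPress code): tell "can write" apart from "is owner"
# for the files named in the ticket. Assumes GNU stat (stat -c).

# classify_access FILE UID
# Prints one of: missing | owner | writable-not-owner | not-writable
# UID is the numeric uid compared against the file's owner. The write test
# applies to whoever runs this script, so run it as the web server user.
classify_access() {
    ca_file=$1
    ca_uid=$2
    if [ ! -e "$ca_file" ]; then
        echo "missing"
        return 0
    fi
    ca_owner=$(stat -c %u "$ca_file")
    if [ "$ca_owner" = "$ca_uid" ]; then
        echo "owner"                 # state in which the reporter saw success
    elif [ -w "$ca_file" ]; then
        echo "writable-not-owner"    # state the reporter describes as failing
    else
        echo "not-writable"          # an ordinary permission problem
    fi
}

# audit_wp ROOT [UID]
# Reports the two scripts the ticket mentions, one per line, tab separated.
# UID defaults to the uid of the user running the script.
audit_wp() {
    aw_root=$1
    aw_uid=${2:-$(id -u)}
    for aw_f in wp-admin/update.php wp-admin/themes.php; do
        printf '%s\t%s\n' "$aw_f" "$(classify_access "$aw_root/$aw_f" "$aw_uid")"
    done
}

# Hypothetical invocation (account name and path are assumptions):
#   sudo -u www-data sh audit.sh /var/www/wordpress
if [ "$#" -ge 1 ]; then
    audit_wp "$@"
fi
```

A "writable-not-owner" result for either script matches the configuration the Codex text recommends and the one the report says fails.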