[wp-trac] [WordPress Trac] #10895: theme upload / delete fails due to update.php / themes.php ownerhip
WordPress Trac
wp-trac at lists.automattic.com
Sat Oct 17 10:18:46 UTC 2009
#10895: theme upload / delete fails due to update.php / themes.php ownerhip
-------------------------------+--------------------------------------------
Reporter: foresto | Type: defect (bug)
Status: new | Priority: normal
Milestone: Unassigned | Component: Upgrade/Install
Version: | Severity: normal
Keywords: reporter-feedback |
-------------------------------+--------------------------------------------
Comment(by dd32):
Replying to [comment:2 foresto]:
> Replying to [comment:1 dd32]:
> > Unfortunately both of those resources you've refered to do NOT make
reference to the upgrade/install process.
>
> I'm not sure I understand you. Are you trying to say that the two PHP
files I mentioned do not contain code that is used in the theme install
process? That may be the case, but the problem I described still exists.
Sorry, The resources i referred to were the codex page links.
> > you should NOT have to change the ownership of the files, or the
permission levels.
>
> Again, I'm not sure what you're trying to say. Do you mean that theme
uploads should work without setting special ownership on the files? I
agree; that's why I filed the bug report. Do you mean that a sysadmin
should not set file ownerships to match the security practices that are
common to all unix systems running web servers and are recommended by the
Wordpress docs? I would have to be really ignorant of security issues in
order to agree with that.
What i'm saying, is the default security settings which are used (755 for
folders, and 644 for files) are fine, So are defaults of 400 and 700, The
Permissions on the underlying filesystem should NOT be changed to allow
the upgrades/installs to work, it should work via FTP or selected
transport without compromising security. Changing permissions or ownership
to world-writable or owned by the web server is what i was getting at that
SHOULDNT be done.
> > WordPress uses FTP to modify the files (Unless WordPress is in a
suPHP/SuExec environment, Or you've messed with ownership/permissions),
>
> The behavior I observed is that Wordpress tries installing themes first
by directly writing to the filesystem, and secondarily by trying an FTP
server. I've seen it install themes without an FTP server running on the
host machine, and only fail with FTP-related error messages when the
ownership of those two files is not set as I described in my report.
Poor choice of wording on my behalf, It doesnt actually try to write the
files, It does however test the writeability of the folder early on when
determining which transport to operate with.
> > It'd be much appreciated if you'd report the original error you came
up against.
>
> I did. This is it. You might want to check out #10898 as well (which I
discovered only after a good deal of investigating the original error I
came up against).
Then thats all you had to say, Generally, When someone contacts me
directly, They neglect to mention the error message, and just say it
doesnt connect, or copies the generic error you've got fro ma support
thread or similar.
> My report contains enough information for someone to reproduce the
problem. Go for it.
Thats the problem, I cant reproduce it with my servers.
Can you check which filesystem transport you're using? If its using the
FTP Extension, try changing it to the FTPSockets library, There has been
some reports of the ftp extension being broken on some hosts.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10895#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list