[wp-trac] [WordPress Trac] #17277: Security needs need to be clearly documented
WordPress Trac
wp-trac at lists.automattic.com
Fri Apr 29 14:57:08 UTC 2011
#17277: Security needs need to be clearly documented
--------------------------------+------------------------------
Reporter: novasource | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: WordPress.org site | Version:
Severity: normal | Resolution:
Keywords: needs-codex |
--------------------------------+------------------------------
Comment (by novasource):
I may have found my answer, but the codex is conflicted.
http://codex.wordpress.org/Updating_WordPress#Automatic_Update says:
Note that your files all need to be owned by the user under which your
Apache server executes, or you will receive a dialog box asking for
"connection information," and you will find that no matter what you enter,
you won't be able to update.
However,
http://codex.wordpress.org/Changing_File_Permissions#Permission_Scheme_for_WordPress
says:
All files should be owned by your user account on your web server, and
should be writable by your username. Files should never be owned by the
webserver process itself (sometimes this is www, or apache, or nobody).
... Any file that needs write access from WordPress should be group-owned
by the user account used by the webserver.
Contradictory.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17277#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list