[wp-trac] [WordPress Trac] #20069: Wordpress upgrade process removed executable bits on .php files and so broke Wordpress

Sat Feb 18 13:28:53 UTC 2012

#20069: Wordpress upgrade process removed executable bits on .php files and so
broke Wordpress
-----------------------------+------------------------------
 Reporter:  gerv             |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Upgrade/Install  |     Version:  3.3.1
 Severity:  major            |  Resolution:
 Keywords:                   |
-----------------------------+------------------------------
Changes (by dd32):

 * component:  General => Upgrade/Install

Comment:

 I have never heard of a non-executable file requiring the executable bit
 to be parsed by the server, Likewise, In the last few years, this is the
 first report of such a server configuration ever being mentioned in the
 tens of millions of installs.. and there's been some really weird edge-
 case setups that some people are using.

 I say that the php files should not require the executable bit, due to the
 files not being executed directly themselves, instead, Apache (or whatever
 server software is in use) would pass the .php files to it's handler,
 presumably, a PHP CGI running in suexec mode, which itself, has the
 executable bit set as it's the process that's executed (as the server can
 actually execute the binary file, rather than the .php text file which is
 meaningless to anything but a PHP Binary)

 That being said, !WordPress currently writes files as 644, which is a
 "safe" permission set, which is more relaxed than may be needed by some
 servers, any tighter and some servers refuse, more relaxed, and some
 servers complain, and yet, we can't trust the existing file permissions in
 many cases due to them being set incorrectly to start with (world writable
 for example).

 In your case, You can add the following define to your `wp-config.php`
 file to avoid this issue with core upgrades, and plugin/theme
 installs/upgrades:
 {{{
 define( 'FS_CHMOD_FILE', 0750 );
 }}}
 (I assume it's 0755 you need, but you might also need to use 754 or 755 -
 but your host should be aware of this - note, it must be specified with
 the leading zero, and must not be in a quoted string, exactly as above)

 ----

 For reference, I've found [http://www.alain.knaff.lu/howto/PhpSuexec/ this
 old article] (scroll down to suexec at the bottom) on a configuration
 which requires the .php to be set to executable mode, but it also requires
 a Hashbang to be added to each file to specify the interprator, or,
 through a [http://en.wikipedia.org/wiki/Binfmt_misc little known] feature
 of the linux kernel to specify parsers for specific file types.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20069#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software