[wp-trac] [WordPress Trac] #26822: During upgrade, no errors thrown when file permissions are wrong

WordPress Trac noreply at wordpress.org
Mon Jan 13 12:34:38 UTC 2014


#26822: During upgrade, no errors thrown when file permissions are wrong
-----------------------------+------------------------------
 Reporter:  mystica555       |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Upgrade/Install  |     Version:
 Severity:  major            |  Resolution:
 Keywords:                   |
-----------------------------+------------------------------

Comment (by dd32):

 WordPress is designed to work across many thousands of different server
 configurations, many of which have not been altered in years, which the
 end user has no control over, and WordPress is expected to just work.
 In order for WordPress to do that, it makes a judgement call based on the
 permissions it see's, it doesn't tell the user they've done something
 wrong (because, chances are, the user hasn't and it's just their host) and
 just does it's best to work with what it's given.

 This does mean that WordPress has prioritized user experience over user
 education (on something that they're probably not interested in) and
 showing obscure error messages.
 This is very much similar to the rest of the WordPress UX, if you don't
 have GD/Imagemagik installed you don't get flashing alerts about image
 resize not working, if the filesystem doesn't allow uploads to be written
 it doesn't give intense instructions on fixing it, if one method of
 external HTTP access is bad, we use a different one, etc.

 For those who are a host, or who is configuring their own server, I
 believe we have documentation in the codex for it (but I'm not sure) - the
 basic rule is: If PHP is executing as the owner of the files (Which
 generally means php-fpm or suexec) and the files are writable by that
 user, then FTP credentials (of which, the password is NEVER stored) won't
 be needed.
 Group-writable is not enough for WordPress for a variety of reasons
 (primarily, created files may not be writable by the owner, something we
 can't detect) and is covered in other tickets.

 I'm not sure of how it'd be best to describe in words that would be both
 helpful to a sysadmin AND be a good UX for a user who anything beyond
 point-and-click text modification is all too much for them. For that
 reason having a installable plugin such as our
 [http://wordpress.org/plugins/background-update-tester/ Background Update
 Tester] is probably the best solution for everyone.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/26822#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list