[wp-trac] [WordPress Trac] #26822: During upgrade, no errors thrown when file permissions are wrong
WordPress Trac
noreply at wordpress.org
Mon Jan 13 12:34:38 UTC 2014
#26822: During upgrade, no errors thrown when file permissions are wrong
-----------------------------+------------------------------
Reporter: mystica555 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: major | Resolution:
Keywords: |
-----------------------------+------------------------------
Comment (by dd32):
WordPress is designed to work across many thousands of different server
configurations, many of which have not been altered in years, which the
end user has no control over, and WordPress is expected to just work.
In order for WordPress to do that, it makes a judgement call based on the
permissions it see's, it doesn't tell the user they've done something
wrong (because, chances are, the user hasn't and it's just their host) and
just does it's best to work with what it's given.
This does mean that WordPress has prioritized user experience over user
education (on something that they're probably not interested in) and
showing obscure error messages.
This is very much similar to the rest of the WordPress UX, if you don't
have GD/Imagemagik installed you don't get flashing alerts about image
resize not working, if the filesystem doesn't allow uploads to be written
it doesn't give intense instructions on fixing it, if one method of
external HTTP access is bad, we use a different one, etc.
For those who are a host, or who is configuring their own server, I
believe we have documentation in the codex for it (but I'm not sure) - the
basic rule is: If PHP is executing as the owner of the files (Which
generally means php-fpm or suexec) and the files are writable by that
user, then FTP credentials (of which, the password is NEVER stored) won't
be needed.
Group-writable is not enough for WordPress for a variety of reasons
(primarily, created files may not be writable by the owner, something we
can't detect) and is covered in other tickets.
I'm not sure of how it'd be best to describe in words that would be both
helpful to a sysadmin AND be a good UX for a user who anything beyond
point-and-click text modification is all too much for them. For that
reason having a installable plugin such as our
[http://wordpress.org/plugins/background-update-tester/ Background Update
Tester] is probably the best solution for everyone.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26822#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list