[wp-trac] [WordPress Trac] #33966: Wordpress file ownership.
WordPress Trac
noreply at wordpress.org
Wed Sep 23 01:48:49 UTC 2015
#33966: Wordpress file ownership.
----------------------------+-----------------------------
Reporter: blakemoore123 | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Filesystem API | Version: 4.3.1
Severity: normal | Resolution:
Keywords: | Focuses: administration
----------------------------+-----------------------------
Changes (by dd32):
* status: new => closed
* milestone: Awaiting Review =>
Comment:
Hi @blakemoore123 and welcome to trac :)
WordPress bases its checks off the owner of the PHP files, mostly due to
the requirement that WordPress needs to create files, in addition to
writing files.
The problem is that if PHP is running as `www-data/www-group` and the
user's account is `ftpuser/www-group`, we have no ability (from within
PHP) to know that the FTP user is actually within that group, nor do we
have any ability to know that the FTP server respects the groups (there
could be ACLs either at the system or FTP level which lock users to only
owned files, for example). Since WordPress wants to just work, we can be a
little more restrictive (and fall back to the fallback, FTP) to give us a
much more reliable update.
Additionally, WordPress promotes increased security by encouraging hosts
to utilise per-user PHP accounts to decrease the ability for cross-account
site defacing and other attacks which are highly effective (when one site
is infected, all others can be too, etc.).
So to link back to the original thing here, files being writable for
updates isn't enough, since we need to create new files which we're sure
the FTP user can access (and other PHP processes from other untrusted
users can't modify). For places where we don't need to create new files
(for example, point-release background core updates never create new
files) we only require the files to be writable, so your permissions would
allow for a point-release background update from 4.3 to 4.3.1.
A few tickets to reference: #30245 #10205
I'm closing this as a duplicate of the above; discussion can continue
without re-opening the ticket, and the ticket can be re-opened if a
compromise is found which is reliable over the many thousands of different
configurations WordPress experiences.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33966#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
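The decision dd32 describes (compare the owner of a freshly created file with the owner of the PHP files; accept a merely writable directory only when no new files need creating) modelled as an added example. This is not WordPress's own code: the function name `choose_filesystem_method`, the `reference_uid` parameter standing in for the owner of the WordPress PHP files, the `demo()` scenarios and the scratch directory they use are all constructed for illustration. It assumes a POSIX host (it calls `os.getuid()`).

```python
import os
import tempfile


def choose_filesystem_method(context_dir, reference_uid=None,
                             allow_relaxed_file_ownership=False):
    """Decide whether files under context_dir may be modified directly.

    Models the rule in the ticket comment (hypothetical helper, not
    WordPress's own function). Returns one of:

      ("direct", "file_owner")        the process creates files owned by the
                                      same uid as the PHP files, so it may both
                                      create and overwrite files directly.
      ("direct", "relaxed_ownership") only overwriting existing files is
                                      required (a point release) and the
                                      directory is writable.
      (None, "fallback")              ownership cannot be proven; use the
                                      FTP/SSH fallback instead.

    reference_uid stands in for the owner of the WordPress PHP files and
    defaults to the owner of this script.
    """
    if reference_uid is None:
        reference_uid = os.stat(__file__).st_uid

    # Probe by actually creating a file, which is the capability that matters:
    # being able to overwrite existing files says nothing about new ones.
    try:
        fd, probe_path = tempfile.mkstemp(prefix="temp-write-test-", dir=context_dir)
    except OSError:
        return (None, "fallback")
    try:
        probe_uid = os.fstat(fd).st_uid
    finally:
        os.close(fd)
        os.unlink(probe_path)

    if probe_uid == reference_uid:
        # New files come out owned by the same account as the PHP files, so
        # that account (and the FTP user, if it is the same) can manage them.
        return ("direct", "file_owner")
    if allow_relaxed_file_ownership:
        # Writable is enough when no new files need to be created. PHP cannot
        # tell whether the FTP user is really in the file's group, so this
        # mode is only allowed for updates that overwrite existing files.
        return ("direct", "relaxed_ownership")
    return (None, "fallback")


def demo():
    """Run the check against a constructed scratch directory.

    Returns a dict of scenario name -> decision so the outcomes can be
    inspected (or asserted on) without relying on the host's real layout.
    """
    me = os.getuid()
    someone_else = me + 1  # a uid that is certainly not the running process
    results = {}
    with tempfile.TemporaryDirectory(prefix="wp-ownership-demo-") as scratch:
        # Per-user PHP: PHP runs as the account that owns the PHP files.
        results["same_owner"] = choose_filesystem_method(scratch, reference_uid=me)
        # Shared www-data PHP writing into an ftpuser-owned tree: new files
        # would belong to www-data, so a full update must go through FTP.
        results["different_owner"] = choose_filesystem_method(
            scratch, reference_uid=someone_else)
        # Same layout, but a point release that only overwrites files.
        results["different_owner_point_release"] = choose_filesystem_method(
            scratch, reference_uid=someone_else, allow_relaxed_file_ownership=True)
    # A directory the process cannot create files in at all (it no longer
    # exists once the context manager has cleaned it up).
    results["missing_dir"] = choose_filesystem_method(
        os.path.join(scratch, "does-not-exist"), reference_uid=me)
    return results


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario:32} -> {decision}")
```

To see what a real host would decide, run the script as the PHP user (for example via `sudo -u www-data`) and call `choose_filesystem_method` with the `wp-content` directory as `context_dir` and `os.stat(...).st_uid` of a core PHP file such as `wp-settings.php` as `reference_uid`; a result of `(None, "fallback")` is the situation the ticket describes, where files are group-writable but WordPress still asks for FTP credentials.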