[HacktionLab] Wordpress file permissions and ownership: command line versus dashboard
Charlie Harvey
charlie at newint.org
Wed Apr 2 09:42:28 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 02/04/14 08:11, Mick - Clearerchannel.org wrote:
> They can't put it into the plugins directory
>> themselves as the files as owned by the web server user and the user
>> does not have root access.
Hi,
I got caught by the reply-to as well.
On the *nix permissions you would give group write to www-data and add
the sftp user to www-data (on a debianlike system -- its www on
freebsd). Like:
$ sudo chmod -R 775 /var/www/wordpress/wp-plugins
$ sudo useradd -G www-data sftp-user
Course now your users can write arbitrary (executable) data to your
plugins folder. Which requires extreme bravery and confidence that your
users know what they are doing.
Cheers,
- --
Charlie Harvey
IT Director
New Internationalist
t: +44 (0)1865 811402
f: +44 (0)1865 793152
w: http://www.newint.org/
k: http://ox4.li/gpgkey/
** Celebrating 40 years of doing the right thing: New Internationalist,
est. 1973**
*Amnesty Media Award winner 2012*
New Internationalist is an independent not-for-profit communications
cooperative. Our multi-award winning magazine, New Internationalist,
brings to life the people, the ideas and the action in the fight for
global justice.
New Internationalist Publications Ltd. is incorporated in England
under no.1005239. Registered Office:
New Internationalist, 55 Rectory Road, Oxford, OX4 1BW, UK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCgAGBQJTO9uEAAoJEPytMqUZaqlzj3QP/jBv7ZZJr4bIw6fa2aR1SCmi
eAGVLF8yHOkLw4mLzO3AramYC2cB/bVmU5B5Wb3Rrtgma0j7GpPPvrCKgBDd3Mm8
5omxoUUr6DKRpkFTOhV0nkMOENR4IkEKEiqvX++OYVU+9Q2qoso3b+WXD0/hYrW2
F3gwAmWGrXKXX4C3bSqEsye6NOGDAksyXSxT9S5OGu7mbb+iRlMZpOqbmw3oYfiy
EVQVL8f4MZDLd81Lfm1Tn6Oo5iUKqZimEkWPQLnKeDvSMZbwu4h5n/ADoRYHE2km
I1xCEsktXVq4RD0oIzqkpPT/6X3bZtq8yzsW/weqndA2psC49+whj5MBfYbm6hBw
IF2BbSqmSHNBhj9a1YOqLzrU5Qcl+sY4+nCQZ/RHGyMFDmGhvkZYFvXOhc/b3PSQ
umVVwzDDD4JCsD8X/UImXhvLyd2sbWXi6YVI0xECSAmv07XJLwodlNf6MPtcXakR
33tVOeAXr+FpmacqARhKRoF16mkt8wAn9JmhW9gybSIgSKU9oayawjuXN6RnAMn6
BH2D8A0hIo4PS2zKcZ4XAGVYb7+NFaVPfvQ0OKBTs0dP+dXDOgnjKiShjzhGGEpx
YrQPiCnxx2rri2o9VWazm2XYQ5AfsXONSnJTVIDy3jc5WE9VRfcP/oxilAX4VRQw
PVvqJOLC+rap8ChqNgTa
=0XrA
-----END PGP SIGNATURE-----
More information about the HacktionLab
mailing list