Wordpress/CMS and File Permissions

J

JoeS.

Perch
Hello,

I have an issue that has not been addressed to my satisfaction via support ticket, so I wanted to raise the issue here.

I have a number of client sites that use wordpress. Until recently, using the CMS interface to upload photos/files has worked very well, with directories set at 755. On most of these older sites, the "owner" was the name of the account, and the "group" was either the name of the account, or httpd.

Now, on every wordpress installation I do, the CMS is asking for 777 permissions in order to upload files.
I do not like having 777 permissions.

Also, when wordpress creates directories, they are set automatically to httpd, and 777 permissions. Unfortunately, the only way for me to change these permissions is to open a ticket, and that seems extremely cumbersome to me.

There has to be a better way of doing this. If I need to set permissions at 777 in order to allow clients to use the wordpress upload function, that's not a long-term solution. Likewise, if wordpress creates a directory, I need to be able to change the permissions to 755 without opening a trouble ticket each time.

Please advise.
 
This is not a problem. PHP on linux accounts here work in webserver user (httpd) privileges. Thus all files/folders created by PHP have ownership set httpd:httpd. We run an automated script every 24 hours that return this ownsership back to your user. If you need it done early, just drop in a ticket and we will do the needful.

Yes, we are agree that 777 permission is not good due to security reasons. But 777 is require only in case of "Uploads" folder is having httpd ownership. If "Uploads" folder is havaing account user ownership and 755 permission then you will not have to face any issue while uploading files. Please update your ticket again if you are still facing issue while uploading the files.
 
We run an automated script every 24 hours that return this ownsership back to your user.
Click to expand...
When is this normally done?
I was working on a site yesterday, around 3:00pm CST and stopped when I had several folders with ownership issues.

As of this morning (currently 11:30AM) the permissions have not been reset. Obviously it's not been a full 24 hours, but I assumed this auto script would be running late at night!
I'll submit a ticket shortly, just wondering what the normal process is
This is on Web15 / CL1.

Thanks!
 
I don'tt hink this is working. I've tried several times to get a straight answer through tickets and eventually JH told me that it was being worked on. As far as I can tell, if php creates a directory, it's going to stay httpd and 777 until I open a ticket and have them change it. This really kind of sucks. It would be nice if we could either get this fixed or get a straight answer about it.
 
Sorry for the inconvenience. We are still in process to fix this issue as soon as possible. We have updated your Support ticket "BIX-99292-107" with all the detail related this issue. Please check the same.
 
Dear Jodohost'ers: this problem is still unresolved. I'm trying to dig out from under a pharma hack on a site, and it's pretty much impossible because the permissions are not being reset on the server. Once a file/folder is owned by httpd it seems to stay that way, effectively locking out the administrator of the site from doing anything with those files. Can you please find a fix a.s.a.p. -- it leaves our sites and customers vulnerable when malicious code can't be removed because your servers insist on locking us out.
 
thingwarbler said:
Dear Jodohost'ers: this problem is still unresolved. I'm trying to dig out from under a pharma hack on a site, and it's pretty much impossible because the permissions are not being reset on the server. Once a file/folder is owned by httpd it seems to stay that way, effectively locking out the administrator of the site from doing anything with those files. Can you please find a fix a.s.a.p. -- it leaves our sites and customers vulnerable when malicious code can't be removed because your servers insist on locking us out.
Click to expand...
Do you have a ticket in for this?
For future, we will be working on major manual changes that we have already tested on some of our new servers to get rid of httpd ownership of php created files.
 
Has any progress been made here? I am actively suggesting that my web design clients find other hosting until this gets resolved, because the utility of wordpress is severely limited if I need to open/close permissions every time I need to upload files.
 
JoeS. said:
Has any progress been made here? I am actively suggesting that my web design clients find other hosting until this gets resolved, because the utility of wordpress is severely limited if I need to open/close permissions every time I need to upload files.
Click to expand...
I think you are on cluster1?
If yes, this will be done after Hsphere upgrade otherwise anything the changes will be overwritten.
 
You must log in or register to reply here.
Back
Top