WordPress.org

Ready to get started?Download WordPress

Forums

A couple quick questions about installing multi-site (6 posts)

  1. ted.byers
    Member
    Posted 1 year ago #

    I downloaded the latest WordPress just an hour ago (though I have installed previous versions on virtual boxes running either Suse or Ubuntu).

    The current installation is on Ubuntu. I have created the wordpress DB and user in MySQL, as directed, and unpacked the wordpress archive. I am about to copy the contents of the resulting directory to /var/www, which is the root directory for the web server. But, do I copy the wordpress files there as myself (a mere mortal) or as root? And do I need to create a wordpress user for the system (the hardware in question is mine - I am not using a hosting service). Also, do I need to install an ftp server, for the purpose of supporting WordPress' update capability (I recall on a previous install, on a virtual machine, it asked for informatin about an ftp server, and as I recall I encountered problems with scrips failing because they didn't have write permission. These questions do not appear to be addressed in the documentation I have found so far, and I want to avoid issues related to using and configuring it, and upgrading it, by making sure I get these things right from the start.

    Thanks

    Ted

  2. ted.byers
    Member
    Posted 1 year ago #

    One thing that might help someone advise, is I found on http://codex.wordpress.org/Updating_WordPress the following:

    (a) file ownership: all of your WordPress files must be owned by the user under which your web server executes. In other words, the owner of your WordPress files must match the user under which your web server executes. The web server user (named "apache", "web", "www", "nobody", or some such) is not necessarily the owner of your WordPress files. Typically, WordPress files are owned by the ftp user which uploaded the original files. If there is no match between the owner of your WordPress files and the user under which your web server executes, you will receive a dialog box asking for "connection information", and you will find that no matter what you enter in that dialog box, you won't be able to update automatically.

    (b) file permissions: all of your WordPress files must be either owner writable by, or group writable by, the user under which your Apache server executes.

    The question is, when I own the hardware, and am running ubuntu, how do I ensure that these two conditions are satisfied? And do I need to set up an ftp server on this machine to support the update process? (I do not need ftp on this machine for anythng else.).

    Thanks

    Ted

  3. TCBarrett
    Member
    Posted 1 year ago #

    In this case it is not a case your physical ownership of anything. It is about the user-accounts in the operating system and their ownership of (or acess to) the files on the disk (virtual or otherwise).

    https://help.ubuntu.com/community/FilePermissions
    http://manpages.ubuntu.com/manpages/lucid/man1/chown.1.html
    http://manpages.ubuntu.com/manpages/lucid/man1/chmod.1.html

    So in this case 'ownership' means correct use of 'chown' and 'permissions' is correct use of 'chmod'.

    Hope that helps.

  4. ted.byers
    Member
    Posted 1 year ago #

    OK, good so far, but how do I find out what the user name is that the web server operates under (is thee a command I can issue in a terminal that will tell me)? The WordPress says the owner is usually the ftp user that uploade the files, but I didn't use ftp. I used wget in my own account. So, I guess I am the owner of all the wordpress files in my Downloads directory. How, then, would I give ownership of WordPress files to the use that apache runs under (after I find out what that user name is), and which files? Certainly not all, right? Or is it safe to give ownership of all the files in the WordPress distribution to the web server user? And, then, how do I ensure that in trying to get this done, I do not open up security vulnerabilities (more likely by mistake as I am a programmer, not a system administrator).

    Might I suggest adding a couple lines to the documentation, both for the install and for the upgrade, to show the commands (specific to Linux as I doubt Windows is so picky/secure) to do it right while keeping the system/webapp as secure as is practicable. (In the past two weeks, I have been told by colleagues of their WordPress systems having been hacked; though in one case, it was apparently so bad that it is more likely that the server was hacked, and the WordPress files getting mangled after the hacker got root access). Hence my concern to be sure to get it done right.

    Thanks

    Ted

  5. ted.byers
    Member
    Posted 1 year ago #

    Actually, it seems it gets more complicated, as I found http://codex.wordpress.org/Hardening_WordPress and it talks about group ownership, and that I hould retain ownership of some selection of the WordPress files. While the basic concepts are clear enough, it is looking more complex if one wants to be sure the wole site is as secure as it can be made. I don't understand the documentation for chown and chmd well enough to be able to see how to follow the directions provided on the Hardening Wordpess page when it comes to file permissions, and still have the update work properly. A little extra guidance is needed.

    Thanks

    Ted

  6. File ownership with Multisite is 100% the same as single site WordPress. In so far as that goes, you're now asking us unix questions, which we're really not in a place to give you detailed directions on. Your webhost should have some directions.

Topic Closed

This topic has been closed to new replies.

About this Topic