WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] plugins create files I don't "own" (5 posts)

  1. yosemite
    Member
    Posted 8 years ago #

    Such as fgallery, IImage... Even the cache directory in wp-content.

    Not a big issue except the files are frequently created with 644 permissions which means I have a difficult time deleting/modifying.

    For example; In wordpress admin (post:write) I can use the iimage button to upload an image, but I can't edit it. I log in with an ftp client and I don't own it and the permissions on it are 644.

    What am I missing here?

  2. moshu
    Member
    Posted 8 years ago #

    What am I missing here?

    Probably the contact address of the plugin authors :)

    Seriously, those are very valid questions, I just don't think that we can offer any real help, since we didn't write the plugins.
    Your best bet would be to contact the plugin authors with your concerns.

  3. yosemite
    Member
    Posted 8 years ago #

    It's good to know that it is considered unusual behavior... When I saw the wordpress\wp-content\cache\ folder was not owned by me, I thought it might have been a familiar issue (to wordpress users).

    And anyway, my host said it was a WordPress issue ;')

  4. Chris_K
    Member
    Posted 8 years ago #

    Well, here's the rub. It largely depends on how your apache is configured (more specifically: WHO it is configured to run as)

    Any files/folders that are created "programmatically" will be owned by the Apache account.

    So, for instance, in your case (and mine), I'm one user and my apache server runs as "apache". Stuff I put there, like the original install, is owned by me. Stuff created along the way via plugins or just normal WP operations like /cache, is owned by Apache.

    In my case, no big deal -- I also can su as root and chown files when I need to modify them. If you're in a hosted environment you likely don't have that luxury. ;-)

    I think, and have no practical experience with it, that apache can be configured via suexec to run as you which would then have all those programmatically created things be owned by you. Again, I've not messed with it, but here's a link for more info: http://httpd.apache.org/docs/2.0/suexec.html

  5. yosemite
    Member
    Posted 8 years ago #

    Suexec would address my issue... I've got a ticket open with my host.

    After researching, it appears that to protect itself, Apache defaults to forcing executables to be run as 'nobody' (presumably so that it cannot run rampant over other users files on a shared host).

    Is it possible to change the php script doing the uploading/file-creation to at least create files with 664 permissions (rather then the current 644)??

    Or am I breaching off too far into non-WordPress land? ;')

Topic Closed

This topic has been closed to new replies.

About this Topic