teejmonsterLet me preface this by saying that I have attempted to find an answer to my question in the forums. I swear I'm not trying to "noob" here.
I have an interest in WordPress hardening. I found the the following script that claims to simplify setting permissions and ownership:
#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro <mike [at] conigliaro [dot] org>
#
WP_OWNER=root # <-- wordpress owner
WP_GROUP=root # <-- wordpress group
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=www-data # <-- webserver group
# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;
# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php
# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess
# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;The script modifies WordPress installs to look like this:
drwxr-xr-x 0755 root root .
-rw-r--r-- 0644 root root index.php
-rw-r--r-- 0644 root root readme.html
-rw-r--r-- 0644 root root wp-activate.php
drwxr-xr-x 0755 root root wp-admin
drwxr-xr-x 0755 root root wp-admin\js
-rw-r--r-- 0644 root root wp-admin\index.php
-rw-r--r-- 0644 root root wp-app.php
-rw-r--r-- 0644 root root wp-atom.php
-rw-r--r-- 0644 root root wp-blog-header.php
-rw-r--r-- 0644 root root wp-comments-post.php
-rw-r--r-- 0644 root root wp-commentsrss2.php
-rw-rw---- 0660 root www-data wp-config.php
drwxrwxr-x 0775 root www-data wp-content
-rw-rw-r-- 0664 root www-data wp-content\index.php
drwxr-xr-x 0755 root www-data wp-content\plugins
drwxr-xr-x 0755 root www-data wp-content\themes
-rw-r--r-- 0644 root root wp-cron.php
-rw-r--r-- 0644 root root wp-feed.php
drwxr-xr-x 0755 root root wp-includes
-rw-r--r-- 0644 root root wp-links-opml.php
-rw-r--r-- 0644 root root wp-load.php
-rw-r--r-- 0644 root root wp-login.php
-rw-r--r-- 0644 root root wp-mail.php
-rw-r--r-- 0644 root root wp-pass.php
-rw-r--r-- 0644 root root wp-rdf.php
-rw-r--r-- 0644 root root wp-register.php
-rw-r--r-- 0644 root root wp-rss2.php
-rw-r--r-- 0644 root root wp-rss.php
-rw-r--r-- 0644 root root wp-settings.php
-rw-r--r-- 0644 root root wp-signup.php
-rw-r--r-- 0644 root root wp-trackback.php
-rw-r--r-- 0644 root root xmlrpc.phpWith these permissions, WordPress fails to install plugins and updates. I believe that much of the issue is because "root" owns most of the directory, rather than "www-data".
Is there any reason for me not to "chown www-data:www-data" the entire directory?
