Support » Fixing WordPress » WP 3.9.2 CentOS 7 permissions

  • Resolved Applista

    (@applista)


    I installed and set new webserver with CentOS 7, Apache 2.4 and MySQL 5.6…
    When I downloaded and extracted WP files, it looks good, but when WP want that I have to write wp-config manually, I stood looking, because I set owner apache (httpd running user) and it’s group…
    Ok, I writed manually wp-config.php, but next trouble is that I want direct access to files (without FTP and any this things) – that means that I must set it in wp-config, that I did, but when I want to update to WP 4.0 (I’ve localized WP, that was only 3.9.2) and some themes updates, WP stuck, that cannot create folder, that I fixed with creating wp-content/uploads folder manually, but when I want to upgrade wordpress itself, it stuck at this:

    The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php

    Can someone help me?
    Thanks

Viewing 12 replies - 1 through 12 (of 12 total)
  • A fix may be:

    chown -R apache:apache /var/www/html

    This will recursively set the owner of all files and directories as apache. From what I hear, however, it’s not as secure. But (for me, at least) this will allow all necessary edits without continually requiring permissions.

    This should fix:
    Editing wp-config.php
    Uploading Media
    Installing plugins without asking for FTP

    Thread Starter Applista

    (@applista)

    Yes, I’ve done it several times…, but it doesn’t help 🙁

    Thread Starter Applista

    (@applista)

    Sorry, It was just stupid SELinux!!!

    I’ve just entered:
    setenforce 0
    and it now works 🙂

    Colin McDermott

    (@woodsandhillsplc)

    lazarbeam that was very helpful, just fixed the issue for me, thank you.

    chown -R apache:apache /var/www/html

    I know this is a few months old, but doing
    setenforce 0
    Is not a solution! It should only be used as a temporary test. There are many good howtos out there in dealing with WP and SELinux. At worst disable it only temporarily to do your WP update, turn it back on after.

    This is like disabling the firewall on a windows server so that you can RDP into it. (it will work but it is not a good idea)

    Thread Starter Applista

    (@applista)

    I don’t know, what is your security requiments, but for anybody, who doesn’t know how to use selinux you can turn off it with equanimity (btw it is bad to compare it with firewall and windows, it ISN’T like that !! – selinux for 99% systems cause more problems than benefits – it is useless software)

    and supplement for my last post:
    setenforce 0 is temporary solution until reboot, for permanent set (you don’t have to set it after every start) … you have to edit /etc/selinux/config and set instead of SELINUX=enforcing to SELINUX=disabled

    And an even worse idea is to permanently disable SELinux!! Never do this! Take the time to read about SELinux and how to set the rules, it is in place to protect your server (esp from users like Applista), it will log everything that is being caught in /var/log/audit/audit.log and if you have setroubleshoot installed it will log to /var/log/messages with simple sealert solutions.
    SE stands for Security Enhanced, if you turn it off, it IS exactly like disabling a firewall (a security system) to allow the flow of data.

    I think SELinux usually disallows httpd to network connect by default. You will probably just need to allow the connection.

    setsebool -P httpd_can_network_connect 1

    Thread Starter Applista

    (@applista)

    @claytonjames I’ve never discover this on RHEL distributions, but always selinux get things inoperative, like file writes for webapps wordpress etc.

    @crispee If you think, that this stupid software can protect you?, no just from discretion that you have just install wordpress site…, it is the world’s most hackable CMS…
    It doesn’t help with anything to get things better, if you need “security enhancment”…, it is better to write your own…

    @applista

    @claytonjames I’ve never discover this on RHEL distributions, but always selinux get things inoperative, like file writes for webapps wordpress etc.

    Well, just because you’ve never used it, doesn’t mean it doesn’t exist, or doesn’t work. 🙂

    This is a pretty old thread, so it’s not really going to benefit anyone by turning it into a debate of opinion, but there’s some great reference material and tutorials out there on using SELinux booleans. It’s pretty interesting stuff once you get into it and learn a little about how it works.

    I apologize for reviving an old thread, I should have just let it die, but sometimes I see people use “Disable SELinux” as a solution and it just grinds my gears.
    @applista so what you’re saying is that I should disable SELinux because WordPress is already full of holes…I have no reply to that, it speaks for itself. 🙁
    I agree with ClaytonJames, SELinux has come a long way, and is actually fairly easy to manage.
    This will show you httpd related booleans:
    getsebool -a |grep httpd
    Since WordPress connects to a db, which hopefully in production doesn’t run on the same server than you will need to turn on:
    setsebool -P httpd_can_network_connect_db 1
    Funny enough if you just use repositories like epel to install wordpress you won’t have to do much.
    Anyway, hopefully at least maybe the next person isn’t just going to chmod 777, chown -R apache.pache and setenforce 0 everything, and will reconsider after reading this. 🙂

    Thread Starter Applista

    (@applista)

    Hmm if you tell it…, really I’m using this for our systems, when I install httpd (Apache) by yum (but WP not, it is deploed by custom macro) and it never stuck at this (I mean since our first linux ~about Redhat’s first releases) on anything like that… and these servers (VMs) are behind firewall (in DMZ) and it is accessible just for few responsible users (admins…) => selinux is really unnecessary for us…

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘WP 3.9.2 CentOS 7 permissions’ is closed to new replies.