WordPress.org

Forums

Automatic Update - Host Pair.com (4 posts)

  1. toryj
    Member
    Posted 3 years ago #

    I have a WordPress install on Pair.com. I'm running v3.3.1. When I try to auto update I do not receive an error, but the update does not happen. Instead I receive a blank screen.

    The server meets the WordPress requirements. Please advise.

  2. jonovington
    Member
    Posted 3 years ago #

    I'm having the same issue with several pair installs.

    Updates end up with a white page error.

    I have tried EVERYTHING, right down to a fresh install with no luck. Thinking its a pair support related issue.

  3. toryj
    Member
    Posted 3 years ago #

    I've been working on Pair with this for the last couple of days. The issue is that by default the owner of the files on the Pair site is 'nobody'

    You need to add the following code to the .htaccess file found within the first folder of the WordPress install i.e. public_html > foo > .htaccess

    Code to add to .htaccess:
    Action application/x-pair-sphp5 /cgi-sys/php-cgiwrap/USERNAME/php5.cgi
    AddType application/x-pair-sphp5 .php

    Change 'USERNAME' to the username set up for the site's FTP access.
    http://codex.wordpress.org/Updating_WordPress

    You will then need to contact Pair and have them change ownership of all the WordPress files to the same name as the username.

    This should resolve the issue.

  4. dimlite
    Member
    Posted 3 years ago #

    If you use your account to host multiple properties, you need to think twice about this. Having your WordPress site running under your own account name means that any vulnerability in WordPress gives the attacker fairly significant abilities to modify a lot of other stuff within your public_html tree.

    I think this is the reason Pair defaults to running most web scripts under user nobody. I personally don't trust the underlying security in WordPress anywhere near as much as I do something like Wikipedia, where anything short of bulletproof is a complete show stopper. A few years back, WordPress had a reputation as a trivial hack. I don't know the score more recently.

    The contacting Pair thing has to do with directories owned by user "nobody". Ordinarily (from the command line) one would use sudo/su to chown these, but Pair is more locked down. On Pair "nobody" is the user that Apache runs under, so any directory created by PHP scripts running under Apache will have ownership "nobody".

    I did a very quick test along these lines:

    cd ~/public_html/mydomain
    cp -rp myblog myblog2
    mv myblog myblog1
    mv myblog2 myblog

    # lots of testing !!!!

    rm -rf myblog1

    In the copy, there were no "nobody"s so I think it works as advertised. WARNING: I didn't actually try to run the copy as this excerpt suggests.

    There's more discussion of the nobody issue here:

    How to delete “nobody” files from a directory I own in FreeBSD?

    I might just decide to bite the bullet and run a full site backup / site reinstallation cycle to achieve the upgrade under the existing security model. It's never a bad thing to dogfood your recovery plan. I had good backups for a MediaWiki site, but I didn't know that an upgrade to MySQL had changed the character encoding for some table columns to UTF8. When my site finally did melt down, my primary backups were all in the wrong encoding. The secondary XML backups were OK, but that's not a complete restore. Among other things, I lost all the media upload metadata.

    Moral: even if you test your backup/restore on day one, it can break underneath you due to ongoing system upgrades in other places.

    Rolling upgrades are great when it's easy to jump ship. For my Linux desktop, I could install any other Linux distro and move on. For my web properties, that's not so attractive.

Topic Closed

This topic has been closed to new replies.

About this Topic