Filesystem credentials? Very bad practice and totally unnecessary.
I was very unpleasantly surprised to see that I was asked for filesystem credentials to install a theme on my test installation of WordPress. Who came up with this terrible idea?
Any permissions you need to install themes, plugins and updates can be supplied at the webserver level. If the user can supply the application with filesystem credentials, he’s in the position to change file system permissions in such a way that the application can install any file it needs. Technically there is absolutely no need to supply the application with filesystem credentials to install files in the webroot it already has access to.
Even if you argue that supplying filesystem credentials makes the installation slightly easier than telling the user to (temporarily) make installation files or directories writable, this is still sending the wrong message: that it is acceptable to supply your credentials to untrusted applications whenever they ask for it. And yes, I say “untrusted” as it is unclear what kind of booby trap any of the PHP files of which the hundreds of themes consist contain. You should be using HTML templates with placeholders to prevent your application from being booby-trapped by untrusted third-party additions. The approach of using PHP files in templates makes them just as dangerous as plugins, a fact that many users might not realize.
In short, in my opinion any code asking for filesystem credentials should be ripped out and reworked so it informs the user which filesystem permissions need to be temporarily set to complete installation of themes, plugins or updates. This can even be semi-automated by writing out scripts the user can use to set and unset these file permissions.
Such instructions should refrain from asking the user to set file permissions to 666 and directory permissions to 777. To write files, Apache uses either the uid or gid; it never needs world write permissions to touch any file. And in setgid setups as I use them, instructing users to chmod directories to 777 then back to 755 or 555 causes serious breakage, as now suddenly files will be created with the wrong gid. So instructions/scripts should use instructions like “chmod ug+w” and never absolute file permissions.
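A set/unset helper of the kind the post proposes could look like the sketch below. It is an added example, not part of the original post or of WordPress, and the function names are hypothetical; it uses only relative modes, so a setgid bit and the world bits on the directory stay as they were.

```shell
#!/bin/sh
# Added example: relative-mode grant/revoke helpers for an install window.
# Function names are hypothetical; pass your own theme/plugin directories.

# Print file type plus the 9 permission characters, e.g. "drwxr-sr-x".
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# Add user/group write to a directory using relative modes only.
# Prints the chmod clause that undoes exactly what was added (may be empty).
grant_write() {
    dir=$1
    # Only real directories; a symlink could point outside the webroot.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "skip: $dir is not a plain directory" >&2
        return 1
    fi
    before=$(perm_of "$dir")
    undo=""
    # Character 3 is user write, character 6 is group write.
    [ "$(printf '%s' "$before" | cut -c3)" = "w" ] || undo="u-w"
    [ "$(printf '%s' "$before" | cut -c6)" = "w" ] || undo="${undo:+$undo,}g-w"
    chmod ug+w "$dir" || return 1
    printf '%s\n' "$undo"
}

# Remove only the bits grant_write added; setgid and "other" bits untouched.
revoke_write() {
    dir=$1
    undo=$2
    [ -n "$undo" ] || return 0
    chmod "$undo" "$dir"
}

# Typical use around an install:
#   undo=$(grant_write /path/to/wp-content/themes)
#   ... install the theme ...
#   revoke_write /path/to/wp-content/themes "$undo"
```

Keeping the undo clause from `grant_write` means a directory that was already group-writable before the install is not tightened by accident afterwards.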