Permissions on wp-cache-config.php too strict
-
I’m not sure if this is a reintroduced bug or what, but any time a setting is changed in wp-super-cache, the wp-cache-config.php file gets set to mode 0600 and re-owned to the web server process (apache), which makes me think it’s re-creating the file rather than editing it and is also ignoring the file mode I set in wp-config.php.
This doesn’t break the site, but does prevent server processes running as another non-privileged user (web, used by wp-cli) from touching that file since whatever wp-super-cache is doing is also clearing the ACL mask, giving that user an effective 000 permission.
I’m working around this by running a permission fix on all sites prior to most operations by the non-privileged user, but that’s expensive and I’d rather the permissions just stay correct.
Note: apache’s umask is 022, and the issue is still present in wp-super-cache 1.7.0.
-
True. WPSC changes wp-config to 600 and that creates all kinds of problems. Not only what you mention.
And for me (Litespeed) it breaks the website totally.
I’m at least able to avoid WPSC mucking with wp-config.php’s permissions by preventing write access to pretty much everything in WordPress from the web server process save what it explicitly needs. On my installs WordPress can only modify the contents of wp-content, minus the plugins and themes folders. Authorized users can use SFTP to do things like change wp-config, update WordPress, or manage themes and plugins. Removing the web server’s access to wp-cache-config.php, however, means that the WPSC’s GUI no longer works for changing settings, forcing site users to make those settings changes by hand, which is less than ideal.
The only workaround I have for that so far is a cron job that runs through every so often and fixes permissions, hopefully before it matters.
No need for all that. After the plugin is active and caching is enabled, just put 644 back on wp-config.php.
What puzzles me is why a plugin messes with permissions. Not normal, IMHO.
Oh, I don’t lock down permissions for WPSC. I lock them down to reduce attack surface. It’s just a happy coincidence WPSC can’t break sites by changing wp-config.php’s permissions.
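
The opening post suspects the plugin re-creates wp-cache-config.php rather than editing it in place. The following is an added example, not part of the thread and not WP Super Cache's own code (Python is used only to show the filesystem behaviour, and the function names are hypothetical): it shows how a write-temp-then-rename save leaves a file at 0600, beside the same save with the old mode carried over.

```python
import os
import stat
import tempfile


def mode_of(path):
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def replace_naive(path, data):
    """Write a temp file and rename it over path, ignoring metadata."""
    # mkstemp() always creates its file 0600, owned by the calling process;
    # after the rename the target carries that mode and owner.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.replace(tmp, path)


def replace_preserving_mode(path, data, default_mode=0o644):
    """Same atomic replace, but copy the old file's mode to the new one."""
    try:
        wanted = mode_of(path)
    except FileNotFoundError:
        wanted = default_mode  # assumed default for a first write
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
            os.fchmod(fh.fileno(), wanted)  # explicit chmod: umask not applied
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def demo():
    """Run both replacements on a constructed stand-in config file."""
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "wp-cache-config.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(cfg, 0o644)
        replace_naive(cfg, "<?php // setting changed\n")
        after_naive = mode_of(cfg)
        os.chmod(cfg, 0o644)
        replace_preserving_mode(cfg, "<?php // setting changed again\n")
        return after_naive, mode_of(cfg)
```

The sketch copies only the mode bits, not ownership or extended ACL entries. On Linux, when a file carries an extended ACL its group permission bits are the ACL mask, so mode 0600 leaves named-user entries with no effective access.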