WordPress.org

Forums

plugin automatic update is broken! (1 post)

  1. sweisman
    Member
    Posted 5 years ago #

    This is actually an old problem, and I only selected version 3.0 because we recently updated.

    The "update automatically" option is broken. WP checks if the plugin is OWNED by the same process it is running under. If the ownership doesn't match, it won't do an automatic update.

    Really, what it should be doing is checking if it has write permission for the plugin. For various reasons, INCLUDING SECURITY, our WP sites run under a different user than the files are owned by. However, the files and the server process share group ownership with full write permission. This is a security issue. So, by maintaining this INSANE code check, WP requires me to degrade my security for version after version.

    To summarize, WP doesn't follow Unix conventions by completely ignoring the entire concept of groups and group membership.

    Can someone suggest a real solution, instead of the hack we are now using of making Apache run as a different user?

Topic Closed

This topic has been closed to new replies.

About this Topic