Wordpress directory permissions issues

[craigh]

Hi there,

I'm running into directory permission issues on a Plesk 11.0.9 server that I have never run into before with any other Wordpress website on any other server, and they simply don't make sense.

Wordpress was installed on the server by a web developer manually, not via Plesk. I have no reason to be concerned about the installation of Wordpress, and in fact I myself prefer to install Wordpress manually rather than using Plesk. However, there have been issues from the start with things like uploading media files.

This particular site went live in December, and this month (with the change of year and month) Wordpress created two new directories:

• /var/www/vhosts/example.com/httpdocs/wp-content/uploads/2015
• /var/www/vhosts/example.com/httpdocs/wp-content/uploads/2015/01

This is what they look like:

[11:32:24 root@server uploads]# pwd
/var/www/vhosts/example.com/httpdocs/wp-content/uploads
[11:32:29 root@server uploads]# ls -la
total 36
drwxrwxr-x 9 user   psaserv 4096 Jan  1 08:04 .
drwxrwxr-x 6 user   psaserv 4096 Dec 13 00:48 ..
drwxrwxr-x 3 user   psaserv 4096 Dec 11 22:48 1998
drwxrwxr-x 3 user   psaserv 4096 Dec 11 22:48 2006
drwxrwxr-x 4 user   psaserv 4096 Dec 11 22:48 2010
drwxrwxr-x 4 user   psaserv 4096 Dec 11 22:48 2012
drwxrwxr-x 9 user   psaserv 4096 Dec 11 23:01 2014
drwxrwxr-x 3 apache apache  4096 Jan  1 08:04 2015
drwxrwxr-x 6 user   psaserv 4096 Dec 18 23:34 gravity_forms
[11:32:33 root@server uploads]# ls -la 2015
total 12
drwxrwxr-x 3 apache apache  4096 Jan  1 08:04 .
drwxrwxr-x 9 user   psaserv 4096 Jan  1 08:04 ..
drwxr-xr-x 2 apache apache  4096 Jan  1 08:04 01
[11:32:40 root@server uploads]#

Now, I changed the ownership of the older directories to "user : psaserv" in line with previous practice on previous servers under earlier versions of Plesk that I have been using for years. This has always worked. But even so, you can see that Wordpress successfully created the "2015" and "01" directories, and the permissions indicate that the "apache" user should be able to write to both directories. And yet Wordpress reports, "Upload folder is not writable. Export and file upload features will not be functional."

I don't get it. It's right there in black and white that the "2015/01" directory is writeable by the "apache" user that created the directories in the first place.

In my research I have come across the threads at http://talk.plesk.com/threads/web-directory-ownership-permissions-problem.95939 and http://talk.plesk.com/threads/wordpress-owner-group-permission-issues.108025 , but neither address my problem in that the permissions are correct (as far as I can see) but Wordpress complains. There is also a thread in the Wordpress.org support forums at https://wordpress.org/support/topic/wp-asking-for-my-ftp-credentials-to-install-plugins that basically ends with, "Then you should probably talk to your web-host ..." but that's us in this case (not the case in the Wordpress support forum). Perhaps I should post to the Wordpress.org support forum, but something tells me this is a Plesk configuration issue, not a Wordpress issue, and so here I am.

Based on the information at http://download1.parallels.com/Ples...inistrator-guide/index.htm?fileName=70669.htm I initially decided to run PHP as a FastCGI application on this server. However, this created endless problems with Wordpress websites that culminated with PHP crashing, and all PHP sites not working. After considerable research and advice, I reverted to running PHP as an Apache module, and that solved those problems. This site is running PHP as an Apache module. The second Plesk forum link in the last paragraph ( http://talk.plesk.com/threads/wordpress-owner-group-permission-issues.108025 ) includes a dead link to a Media Temple article, and I found another article at https://kb.mediatemple.net/questions/1999/Resolve+FastCGI+Issues entitled "Resolve FastCGI Issues". Some of the issues that are addressed by the suggestions in this article may address the issues we had previously when running PHP as a FastCGI application, but I'm very leery of going back to running PHP as a FastCGI application after my experience.

To summarise:

1. Am I blindly missing something in the ownership and permissions of the relevant directories above that would prevent Wordpress from uploading/moving files to the /var/www/vhosts/example.com/httpdocs/wp-content/uploads/2015/01 directory?
2. Would running PHP as a FastCGI application on this particular website address the complaint from Wordpress that the "Upload folder is not writable"?
3. Does anybody have any idea what the root cause is of what's going on here that I don't see on other servers?

Thanks in advance for any help anyone can provide.


Craig

 

[craigh]

Update: I tried configuring PHP to run as a FastCGI application and it didn't fix Wordpress' complaint that the "Upload folder is not writable."

 

[Lloyd_mcse]

The user and group should be..

username : psacln
not
username : psaserv

Looking at mine the only folder that should be

username : psaserv

is the cgi-bin.

I hope that helps

Kind regards

Lloyd

Edit: My permissions on the uploads folder is 755.

 

[craigh]

Hi Lloyd,

Thanks for your reply. However, as far as I know the "psaserv" group includes the "apache" user, while the "psacln" group does not:

[13:02:42 root@server uploads]# grep psacln /etc/group
psacln:x:504:
[13:02:57 root@server uploads]# grep psaserv /etc/group
psaserv:x:503:apache,psaftp,psaadm
[13:03:04 root@server uploads]#

The point is to allow the "apache" user to write to the directories in question, and this is done by assigning group ownership of those directories to the "psaserv" group and (of course) allowing the group to write to them ... and this works for those directories.

However, when Wordpress creates directories as the "apache" user, Wordpress complains that it can't write to them even though it just created them and the permissions clearly show that they allow the "apache" user to write to those directories!

Am I missing something?


Craig

 

[craigh]

Lloyd, with respect to your edit ("My permissions on the uploads folder is 755") I don't see how your web server (presumably Apache) can write to the upload folder if the directory is owned by the user and not the web server, and assuming that the "psacln" group on your server does not include the "apache" user.

 

[UFHH01]

Hi craigh,

please have a look at your configuration file "your_domain.com.conf" for FastCGI, which is located at "/etc/php5/fpm/pool.d" or "/etc/php/fpm/pool.d" ( depending on your very own system configuration - if the both paths don't fit your system configuration, please use the command "locate your_domain.com.conf" to direct you to the desired location ). You might notice, that the process should be owned by user = your_domain_admin_user and group = psacln. Even that the listen definition includes the group "psaserv", this process is still owned by "psacln" and this is the reason why you shouldn't modify the initial settings, that ALL folders under ../httpdocs/* have the permissions user = your_domain_admin_user and group = psacln.

The systemuser apache ( or www-data on Debian/Ubuntu ) should be a member of the group psacln and if you use nginx as well, then the systemuser nginx should also be a member of psacln, in order to avoid issues.

Please don't rely on messages from wordpress, if you try to investigate issues on your domain - use the access- and error - logs for the specific domain instead, which should normally push you into the right direction, where the cause of any issue might be.

 

[craigh]

Hi UFHH01,

Thanks for your reply. I do not have either of those directories on my system, and using "locate" yields no results for the file using the actual domain (with ".conf" appended) in question. But then, as I said, I am not using FastCGI.

As far as "apache" being a member of the group "psacln" -- what I showed above is what was set up by default by Plesk. I have not taken it upon myself to override Plesk's default configuration. I am not using nginx.

As for not relying on error or status messages from Wordpress -- well, the fact is that attempts to upload through Wordpress fail, and unfortunately there is no useful information in the access_log or error_log files. And now I have manually fixed the ownership and permissions, so I can't reproduce the error without undoing that ... which is not a problem for me to do, but then you don't seem to think the error message displayed by Wordpress is of any use, so there doesn't seem to be any point in my reverting the configuration to reproduce it.

Actually, going by the screenshot from the client the error message is:

"FILE_NAME.EXT" has failed to upload due to an error
Unable to create directory wp-content/uploads/2015/01 . Is its parent directory writable by the server?

The thing is, as I've already stated, the directory "wp-content/uploads/2015/01" already exists, was created by Wordpress, and it and its parent directory have appropriate permissions allowing the "apache" user to write to it.

In what documentation does it say that "you shouldn't modify the initial settings, that ALL folders under ../httpdocs/* have the permissions user = your_domain_admin_user and group = psacln"? I've been using Plesk since version 7, and there have been *plenty* of instances over the years where it has been desirable or even necessary to modify default configuration settings, including in file and directory ownership and permissions.

What you and Lloyd seem to have missed is that Wordpress created the upload directories, which were then owned by apache:apache. You're looking instead at older directories where I have manually set up ownership (user : psaserv) and permissions that *DO* work, while the ownership and permissions of the directories created by Wordpress *should* work (in my opinion) but do not.

Thanks.


Craig