Wordpress, other apps, and permissions

[theywill]

Hi there,

I've recently installed Joomla and Wordpress on my Plesk 10, CentOS 5.4 64 server. Both have required permission changes to get them working, especially Wordpress. There are the naughty kind of permission changes too, 777.

In looking at this more, Wordpress wants to be able to overwrite all the files within the web directory, for upgrades and theme and plugin installations. Quick references:

http://codex.wordpress.org/Updating_WordPress
http://codex.wordpress.org/Changing_File_Permissions

For Wordpess, all of your files "need to be owned by the user under which your Apache server executes." I don't think this is the case with Plesk. Please correct me if I'm wrong.

Does anyone know of a way to "fix" (resolve, change) this to avoid 777s and permission issues?

Thank you,
James

Edit: I wanted to point out that original PHP was running as a php module, but then I changed it to FastCGI for this account. Wordpress was still unable to ugprade itself.

 

[James Roe]

For Wordpess, all of your files "need to be owned by the user under which your Apache server executes." I don't think this is the case with Plesk. Please correct me if I'm wrong.

Does anyone know of a way to "fix" (resolve, change) this to avoid 777s and permission issues?

That is not the case with Plesk. On a Plesk server, files will be owned by a FTP user account created when you create the domain; the group is "psacln" and all Plesk FTP accounts are a member of that group. The Apache webserver runs under the user account "apache" and the group "apache". Because the web server account is not a member of the group nor does it match the FTP user account, directories must be 777 (instead of 755) and files need to be 666 (instead of 644) or the content manager (Joomla) and Wordpress can't write files to those directories. Another "problem" created is that all the files created by Wordpress or Joomla will be owned by apache and the group will be apache and the FTP user won't be able to delete or change those files.

I don't know any simple (or for that matter complex) way to avoid these issues that's safe - having directories and files that can be written by the webserver account is scary and one reason why I typically don't recommend that software.

 

[theywill]

This add-on allows PHP to run as the FTP user for a given domain.
http://forum.parallels.com/showthread.php?p=438196

Do you think that might solve Wordpress' need to write files, without making directories 777/666 or allowing Apache write access to the local files?

James

 

[Knarf]

In the hosting setting for the account, you can set the PHP handler type to FastCGI application (in stead of Apache module).
This way, the PHP user is the same as the FTP user, so you don't have to alter file permissions.
Just leave it 755 for directories and 644 for files.
This way you have two advantages: more safety and furthermore FastCGI provides site isolation (Apache module only provides site isolation if PHP safe mode is switched on).
I use this all the time for my Wordpress and other CMS systems.
The only drawback is FastCGI application consumes more memory, but you also can choose CGI application (but is slower).

 

[CCHickman]

To weigh in on this - AtomicTurtle's ruid2 is a wonderful solution.

I did FastCGI and found my server ended up totally memory leaking left and right and httpd crashed.

I develop Wordpress sites and have about 30 with this solution.

Each time I add a new site, I edit /etc/httpd/conf.d/ruid2.conf and add the domain:


<Directory /var/www/vhosts/[domain]/httpdocs>
RMode stat
RUidGid apache apache
RGroups apache psaserv
</Directory>

And restart httpd and like magic, it's done. No need to enter FTP credentials for plugins with Wordpress.

 

[toomanylogins]

Hello Chris,

This has been an ongoing problem for me with joomls. Could you please elaborate a bit more on AtomicTurtle's ruid2. I googled it and went to atomiccorp but couldn't find any install instructions. I guess this is a module I need to install but not sure which one.

Would appreciate some simple steps. I'm using Plesk 10.2 on a hosted vps

 

[CCHickman]

Hello toomanylogins,

I can sympathize - ART's RPMs are made for the choir -- there aren't really directions on how to use, but there are plenty of good discussions in the forums.

Here's how you can get it going.

Assuming that you can login via SSH as root --

cd /root
wget http://www.atomicorp.com/installers/atomic
chmod +x ./atomic
./atomic

This should install yum if you do not already have it and setup ART/Atomicorp's Yum Repos for your OS.

yum install mod_ruid2

--

Now to configure -

yum install nano
nano /etc/httpd/conf.d/ruid2.conf

--

Each time you add a new site, edit /etc/httpd/conf.d/ruid2.conf and add the domain as indicated below --

<Directory /var/www/vhosts/[domain]/httpdocs>
RMode stat
RUidGid apache apache
RGroups apache psaserv
</Directory>

And restart httpd and like magic, it's done. No need to enter FTP credentials for plugins with Wordpress or Joomla.

--

Hopefully this helps. I'm not a documentation writer

 

[toomanylogins]

Thanks Chris,
In the end I went with mpm-itk as my vps provider had the instructions. This seems to be broadly the same.
regards
Paul

 

[EduardH]

mpm-itk is some slower than mod_ruid2. Also mod_ruid2 can be better integrated to Plesk.
See also Plesk plugin controlling mod_ruid2: http://forum.parallels.com/showthread.php?t=106297

 

[Ari Sa]

This sounds perfect

I have not tried the script yet but this solution sounds perfect.

I went through many headaches to get to a solution - I can only guess at how many others around the world have also. One hint is how many hits o get on my post about this issue.

Here's my blog post that documents the process and research I've gone though and how i manually reset permissions for each new wordpress domain I add to my server
http://www.helloari.com/blog/2011/03/the-best-permissions-setup-for-wordpress-and-plesk/

 

[tkalfaoglu]

FastCGI is too slow and a memory hog. Unfortunately..

 

[tkalfaoglu]

I don't quite understand how to set it up. It's sometimes not up to me which hostings are set up (resellers take care of those).
Do I have to specify each domain in its config file (500+ domains)?
Or do I specify only the ones thatI want ruid2 to "sudo" for me?

Thanks, -t

 

[SandiC]

Hello CCHickman,

I read your instructions from your July 25, 2011 post and got as far as:

Now to configure -

yum install nano
nano /etc/httpd/conf.d/ruid2.conf

when I input this last line nano /etc/httpd/conf.d/ruid2.conf I got the following message: GNU nano 1.3.12 File: /etc/httpd/conf.d/ruid2.conf Modified

... with many more lines after it.

I think I lost you then on the next step when I add a new site:

Each time you add a new site, edit /etc/httpd/conf.d/ruid2.conf and add the domain as indicated below --

<Directory /var/www/vhosts/[domain]/httpdocs>
RMode stat
RUidGid apache apache
RGroups apache psaserv
</Directory>

And restart httpd and like magic, it's done.

Question: Can you clarify the next instructions? I am not sure how to edit the file you indicated and add the domain as you instructed.

Any help you can provide is GREATLY APPRECIATED!

Sandi C.

 

[EduardH]

This product automates domain / subdomain configuration, provides GUI and CLI to configure sites with ruid2, resolves statistics and protected directory issues.

It costs just $9 per Plesk server.