Pubilc_html\WordPress Ownership and Permission Question
Directory structure: /srv/www/mydomain.name/public_html
Here are my priorities and goals.
1. Security
2. Allow Wordpress to write to public_html
3. Allow MyUser to write to public_html
4. Do not allow www-data\apache to write to public_html
The problem I am having trouble wrapping my head around is that WordPress uses www-data\apache for permission to write to certain files and directories. Obviously, allowing www-data to write to publichtml is a security risk, but only allowing MyUser to write to publichtml takes permissions away from Wordpress. Right now my directories are 755 and files are 644.
Is this a caveat of using /srv/www instead of /home/MyUser? I did find this link that explains my problem better but I'm apprehensive to apply the solution as I don't understand it and from a security standpoint, I don't try a idea unless I understand exactly what it does.
Any ideas on this one? Thanks in advance.
4 Replies
1) The directory/file is 755/644, and owned by the user who runs Wordpress.
2) The directory/file is 775/664, and the user who runs Wordpress is in the group which the directory/file belongs to.
3) The directory/file is 777/666, and this is usually a bad idea.
You can accomplish 1) by using suexec+fastcgi. You can google for tutorials on how to make Apache run as a different user depending on the domain. This is probably the most secure way to run multiple sites on the same server using Apache & PHP, but it's quite a bit of hassle.
You can accomplish 2) by adding www-data to the user's group. This is a little tricky to set up properly, but it works pretty well as long as open_basedir restrictions are also set up properly. I sometimes use this method if I don't want the hassle of suexec+fastcgi and if I have reasonable trust in the quality of my webapps.
BTW, if this Wordpress the only site on your linode, you might as well dump Apache and try lighttpd or nginx. It's often easier to set up FastCGI with those servers. There are plenty of tutorials out there, too.
Change ownership of the files and directories to MyUser and add the user who runs WordPress to MyUsers group
Expand directory permissions to grant MyUser's group write access (775/664)
Use open_basedir restrictions to exclude php execution from certain directories where it is not explicitly required.
AllowOverride None
phpadminflag engine off
phpadminvalue open_basedir none
If I understand the security goal correctly, this sounds like a fairly secure setup as long I keep WordPress up-to-date and continue to be cautions with plugins by checking their source code before installing.
In regards to using lighttpd or nginx instead of Apache, I agree Apache should be my last choice. I went with Apache because basically, I had never set up anything besides a localhost install of XAMPP on a windows box before last week. Jumping into the most documented solution, that allowed me to keep my .htaccess files, seemed like the safest bet to get rolling.
open_basedir = /srv/www/this.site.com:/tmp
This restricts PHP to its own home directory and /tmp (which is a common location used for file uploads and the like). If you need to allow additional locations, use the colon ( : ) to separate the entries.
A lot of people believe that open_basedir is a broken security feature, and it actually is a nasty hack. But it's the still the best protection you can have while running PHP as the Apache user (www-data).
I see why many think using open_basedir is a broken hack as when you search on any forum the first 3 pages of results are people having problems with it. It is still going to be supported in php6 though, so obviously it still serves a purpose for many admins out there.