theme upload / delete fails due to update.php / themes.php ownerhip
|Reported by:||foresto||Owned by:|
Wordpress 2.8.4 theme uploads through the admin UI are failing due to a file ownership issue, even when file ownership and permissions are set exactly as recommended in the Wordpress docs:
"All files should be owned by your user account on your web server, and should be writable by your username. Any file that needs write access from WordPress should be group-owned by the user account used by the webserver."
"For core WordPress files, all should be writable only by your user account."
I had the ownerships and permissions set exactly as recommended by the wordpress web site, yet uploading a theme still failed. It also failed when I gave the wordpress/apache process full permissions on *every* file and directory in the whole installation. It finally worked when I changed the ownership of "wp-admin/update.php" to be that of the apache user. Mind you, wordpress already had full rights to that file; changing the ownership didn't give it any more abilities than it already had.
It seems wordpress is arbitrarily failing because it thinks update.php should be owned by the apache user, even though that goes contrary to wordpress.org recommendations and standard unix security practices.
There is a similar problem deleting a theme when "wp-admin/themes.php" is not owned by the apache user.
Change History (5)
- Component changed from General to Upgrade/Install
- Keywords reporter-feedback added