WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 5 months ago

#34327 new defect (bug)

Check for filesystem write permissions done based on ownership instead of actual filesystem permissions

Reported by: Sling1 Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.3.1
Component: Filesystem API Keywords:
Focuses: Cc:
PR Number:

Description

For security reasons, I don't run my httpd/fpm processes as the same user that owns my web content. This gives problems when trying to do various things in Wordpress such as updating themes/plugins/translations etc.

It all comes down to the function get_filesystem_method in wp-admin/includes/file.php, which bases the choice for direct filesystem access on the ownership of the filesystem resource(s) it's trying to access. Of course user ownership is not the only thing that can grant write permissions in the filesystem, the group owner and even things like ACL's can influence this.
I see that for WP updates there has already been a 'hack' made which is $allow_relaxed_file_ownership but there seems to be no way to use the same criteria for all other actions.

The core issue is that Wordpress bases its "Can I actually write files $here" decision not on the actual outcome of a filesystem action, but on assumptions about the file/directory owner being the sole factor in being able to write.

Please either

  • allow a global 'allow_relaxed_file_ownership' setting, or
  • actually perform a filesystem write check

so that people configuring their filesystem permissions properly don't need to lower their security in order to run Wordpress.

Thanks!

Change History (1)

Note: See TracTickets for help on using tickets.