Opened 7 years ago
Closed 5 years ago
#40572 closed defect (bug) (fixed)
.htaccess has incorrect permissions after installation
Reported by: | i3anaan | Owned by: | rcutmore |
---|---|---|---|
Milestone: | 5.4 | Priority: | normal |
Severity: | normal | Version: | 4.7.4 |
Component: | Upgrade/Install | Keywords: | good-first-bug has-patch needs-testing |
Focuses: | administration | Cc: |
Description
Having used the WordPress installation instructions and the .htaccess was installed on the server with 0600 permissions, instead of 0644 permissions (like all the other files). This caused our installation to function incorrectly, denying access to at least the login page.
Steps to reproduce:
- Install wordpress
- Fill in online 'setup' (the one where you choose admin credentials)
- Be redirected to the wp-login.php
- Get a 403 error
Attachments (1)
Change History (10)
#2
@
7 years ago
Hey @dd32, thank you for your response!
I just want to verify that for now there is no further action required from my side?
#3
@
7 years ago
@i3anaan Correct! We don't need anything from you at present, when there's a patch uploaded or a commit to WordPress testing a fresh WordPress install in a subdirectory install to verify it fixes it would be appreciated - but not needed.
Thanks for taking the time to report the issue!
#4
@
7 years ago
Hi @dd32
I added 40572.patch to ensure a minimum set of permissions when creating the .htaccess
file. I manually tested the patch and it resolves the issue for me when using a server umask of 0066. Should there be a unit test created for this?
#6
@
7 years ago
- Owner set to rcutmore
- Status changed from new to assigned
Assigning ownership to mark the good-first-bug
as "claimed".
Welcome to the WordPress Trac @i3anaan
WordPress doesn't specify what permissions the
.htaccess
file should be created as, defaulting to whatever the server defaults to.A Server with a umask of
0066
seems unlikely, but appears to be the case here.It looks to me like we can probably always set the file permissions to a minimum of
0644
using something like the following in the creation branch ofinsert_with_markers()
:In order to test implementation details of this, it might be helpful to whomever patches this to put
umask( 0066 )
into yourwp-config.php
file to simulate the reporters environment and test your patch's effectiveness.