#8400 closed defect (bug) (wontfix)
Plugin upgrade not possible without being script owner
Reported by: | sigvei | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.6 |
Component: | Plugins | Keywords: | |
Focuses: | Cc: |
Description
In my server setup, I have wordpress located in $HOME/wordpress, and that is symlinked to a public www directory. The files in $HOME/wordpress are owned by me, with www-data (webserver's group) as group owner. Files and directories are readable and writable by both owner and group. This means I won't have to have root access to upgrade wordpress, and yet I am still able to edit plugin and theme files.
This means plugin upgrades should be possible. However, get_filesystem_method in wp-admin/includes/file.php checks whether direct access is possible by doing this:
$temp_file = wp_tempnam(); if ( getmyuid() == fileowner($temp_file) ) $method = 'direct'; unlink($temp_file);
With a standard server setup, $temp_file will be owned by the user owning wp-admin/update.php. In my setup, that means this check fails.
I am not quite at the patch stage here, as I am not quite sure of the permission needs of plugin update files. But testing whether the owner of update.php is the same as the owner of the apache process seems like a clear bug to me. It isn't relevant to the task.
Indeed the current setup does not check Group ownerships, The main problem with supporting that method is that new files will be created as owned by www-data, and not as by your username, which will then cause problems, specifically which were to be worked around by the FTP methods.
You can use a plugin such as the one below to force it to use the Direct Method regardless (And take the onus of any problems on yourself):