Wordpress Permission nightmare on Centos 7 - wordpress

I have an installation of wordpress on a remote server on
/var/www/html/site.com/public_html
with a virtual host that point to this folder with AllowOverride All
the pointing works.
now i have set ownership of all folder to the user:apache
and included the user in the apache group
all folder are setted to 755
and file to 644
wp-config.php to 440
wp-content to apache and 755
The problem arrives when i try to download plugin/themes upload photos ecc. form the interface.
I have created even sftp server on the machine and setted an rsa_key in user folder.
then with plugin ssh-sftp-updater-support I have enabled ssh2 but the error says "could not create directory"
can someone help me out on this nightmare?

Under which user is PHP running? If it's not apache, then it can't create directories because it's not owner (755 permission). To see the user under which the PHP is running try the following code
<?php
system('/usr/bin/id');
?>
The server may use mod_ruid or suEXEC to allow PHP to run under different users.
If PHP is indeed running under something else than apache, you will need to change the ownership or chmod the folders to 777.

Related

WordPress Permission Issues with LAMP in Debian 10

I created a LAMP server in Debian 10 on Google Compute Engine.
Instead of using /var/www/site/html I want to use /home/user/site/public_html as a root directory for site.
I added following code in /etc/apache2/apache2.conf to enable home directory for sites.
<Directory /home/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
The permissions for public_html for all sub directories is 775 and for all files is 664.
Ownership for all files and folders including public_html is user:www-data
My site is installed and running but I am unable to install any of plugins because WP is unable to write to the directory. I am getting this message when I try to install plugin.
How to Fix this issue?
EDIT
However if I set the ownership to www-data:www-data then I can install plugins but in this case the user can't use FTP to make any changes to the folder.
Please guide me how can I achieve both.
The solution that comes to my mind is that the user gets the sames rights as that of www-data. In that case we can assign ownership as user:user. So FTP will also work and Plugins will also be able to install.
But I don't know how to achieve this i.e. to assign the rights of www-data to any user?
I have got one solution. If I add the user to www-data group using following command
sudo usermod -a -G www-data user
then user can make changes to the folder once accessed through FTP.
I could find the solution by installing an apache module mod_ruid2. For this the following article helped alot.
[https://www.jamroom.net/brian/documentation/guides/1202/configuring-apache-with-mod-ruid2]
But before you may need to install apsx for apache
sudo apt-get install apache2-dev
sudo apt-get install libcap-dev
The apache config file for each site shall include following code in the virtual host
<IfModule mod_ruid2.c>
RMode config
RUidGid USER USER
RGroups www-data
</IfModule>
<IfModule itk.c>
AssignUserID USER USER
</IfModule>

permissions for enabling FTP upload and automatic plugin install in Wordpress

I have a wordpress install and I want to be able to do the following two things:
automatically install plugins via the backend without providing an FTP/SSH user
upload files via FTP
To achieve point 1. I have read that I have to execute the following command: chown -R www-data:www-data /var/www. That means that the user/group www-data becomes owner of all files and folders in /var/www. After executing this command, the automatic installation of plugins works like a charm.
However, I now am not able to edit/upload files via FTP anymore. For FTP I use a different user named ftpuser. The following error is shown in my FTP client when I try to upload a new file: [Filename] open for write: permission denied
I put the ftpuser in the group www-data, hence I think that ftpuser should be able to write:
root#xyz:~# grep 'www-data' /etc/group
www-data:x:33:ftpuser
The file permissions on the folder /var/www are 755.
What is my issue here?
Can you please try by using the below code in wp-config.php :
define('FS_METHOD', 'direct');
Hope that will work.

Unable to locate WordPress Content directory (wp-content) - localhost on Mac

My configuration
- Mac OS 10.9
- XAMPP
- ProFTPD
- WordPress 3.8.3
Unlike most other posts on the internet for the same problem, I was not on some hosting website rather on a locally hosted instance on Mac.Everytime I tried to access the site, I got the error that the server was unable to locate the wp-content directory.
In macOS httpd server is executed as user "daemon".
Therefore you need to change ownership of htdocs to daemon user:
$ sudo chown -R daemon:daemon htdocs
After a few hours of tweaking around, I did the following
Delete previous installation of WordPress and install fresh copy
Set the permissions on wp-content directory via termina shell using the command chmod -R 777 wp-content. This sets the permission of all underlying files and folders as well
I went to this link and used the solution provided here - http://wordpress.org/support/topic/auto-update-failure-in-wordpress-27?replies=17#post-982487
Essentially, I added the following line at the bottom of my wp-config file - putenv('TMPDIR=' . ini_get('upload_tmp_dir'));
Vola!! it worked and I can now focus on more important things.

WordPress asking for my FTP credentials to install plugins

I installed a WordPress blog in my local system. But when I try to add plugins from admin it asks for FTP access. What do I need to configure for WordPress to be able to upload without FTP?
Try to add the code in wp-config.php:
define('FS_METHOD', 'direct');
If you are using Ubuntu.
sudo chown -R www-data:www-data PATH_TO_YOUR_WORDPRESS_FOLDER
"Whenever you use the WordPress control panel to automatically install, upgrade, or delete plugins, WordPress must make changes to files on the filesystem.
Before making any changes, WordPress first checks to see whether or not it has access to directly manipulate the file system.
If WordPress does not have the necessary permissions to modify the filesystem directly, you will be asked for FTP credentials so that WordPress can try to do what it needs to via FTP."
Solution:
In order to find out what user your instance of apache is running as, create a test script with the following content:
<?php echo(exec("whoami")); ?>
For me, it was daemon and not www-data. Then, fix the permission by:
sudo chown -R daemon /path/to/your/local/www/folder
If during installation of a plugin, Wordpress asks for your hostname or FTP details.
Then follow these steps:
Login to your server and navigate to /var/www/html/wordpress/.
Open wp-config.php and add this line after define(‘DB_COLLATE’)
define('FS_METHOD', 'direct');
If you get "Could not create directory" error. Give write permissions to your wordpress directory in recursive as
chmod -R go+w wordpress
NOTE. For security, revoke these permissions once you install a plugin as
chmod -R go-w wordpress
I changed the ownership of the wordpress folder to www-data recursively and restarted apache.
sudo chown -R www-data:www-data <folderpath>
It worked like a charm!
On OSX, I used the following, and it worked:
sudo chown -R _www:_www {path to wordpress folder}
_www is the user that PHP runs under on the Mac.
(You may also need to chmod some folders too. I had done that first and it didn't fix it. It wasn't until I did the chown command that it worked, so I'm not sure if it was the chown command alone, or a combination of chmod and chown.)
I did a local install of WordPress on Ubuntu 14.04 following the steps outlined here and simply running:
sudo chown -R www-data:www-data {path_to_your_project_directory}
solved my issue with downloading plugins. The only reason I'm leaving this post here is because when I googled my issue, this was one of the first results and it led me to the solution to my problem.
Hope this one helps to anyone!
There's a lot of similar responses to this question, but none of them fully touch on the root cause. Sebastian Schmid's comment on the original post touches on it but not fully. Here's my take as of 2018-11-06:
Root Cause
When you try to upload a plugin through the WordPress admin interface, WordPress will make a call over to a function called "get_filesystem_method()" (ref: /wp-admin/includes/file.php:1549). This routine will attempt to write a file to the location in question (in this case the plugin directory). It can of course fail here immediately if file permissions aren't setup right to allow the WordPress user (think the user identity executing the php) to write the file to the location in question.
If the file can be created, this function then detects the file owner of the temporary file, along with the file owner of the function's current file (ref: /wp-admin/includes/file.php:1572) and compares the two. If they match then, in WordPress's words, "WordPress is creating files as the same owner as the WordPress files, this means it's safe to modify & create new files via PHP" and your plugin is uploaded successfully without the FTP Credentials prompt. If they don't match, you get the FTP Credentials prompt.
Fixes
Ensure the plugin directory is writable by the identity running your php process.
Ensure the identity that is running your php process is the file owner for either:
a) All WordPress application files, or...
b) At the very least the /wp-admin/includes/file.php file
Final Comments
I'm not overly keen on specifically applying file ownership to the file.php to work around this issue (it feels a tad hacky to say the least!). It seems to me at this point that the WordPress code base is leaning towards having us execute the PHP process under the same user principal as the file owner for the WordPress application files. I would welcome some comments from the community on this.
From the first hit on Google:
WordPress asks for your FTP credentials when it can't access the files
directly. This is usually caused by PHP running as the apache user
(mod_php or CGI) rather than the user that owns your WordPress files.
This is rather normal in most shared hosting environments - the files are stored as the user, and Apache runs as user apache or httpd. This is actually a good security precaution so exploits and hacks cannot modify hosted files. You could circumvent this by setting all WP files to 777 security, but that means no security, so I would highly advise against that. Just use FTP, it's the automatically advised workaround with good reason.
For me the the process that solved, to be able to work on my localhost using Ubuntu, was:
(of course you must replace myUser by your user, whoami show it for you if you dont know)
Include myself on www-data group (to be able to access and edit files without sudo):
sudo usermod -aG www-data myUser
Set myself and this group as files owners:
sudo chown -R myUser:www-data /var/www/html
Set a major permission for the group (the group must write too):
sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 775 {} \;
Then add this line on config.php
define('FS_METHOD', 'direct');
The easiest way to solve this problem is add the following FTP information to your wp-config.php
define('FS_METHOD', 'direct');
define('FTP_BASE', '/usr/home/username/public_html/my-site.example.com/wordpress/');
define('FTP_CONTENT_DIR', '/usr/home/username/public_html/my-site.example.com/wordpress/wp-content/');
define('FTP_PLUGIN_DIR ', '/usr/home/username/public_html/my-site.example.com/wordpress/wp-content/plugins/');
FTP_BASE is the full path to the "base"(ABSPATH) folder of the WordPress installation
FTP_CONTENT_DIR is the full path to the wp-content folder of the WordPress installation.
FTP_PLUGIN_DIR is the full path to the plugins folder of the WordPress installation.
We had the same problem as part of a bigger problem. The suggested solution of
define('FS_METHOD', 'direct');
hides that window but then we still had problems with loading themes and upgrades etc. It is related to permissions however in our case we fixed the problem by moving from php OS vendor mod_php to the more secure php OS vendor FastCGI application.
First move to your installation folder (for example)
cd /Applications/XAMPP/xamppfiles/
Now we’re going to modify your htdocs directory:
sudo chown -R daemon htdocs
Enter your root password when prompted, then finish it out with a chmod call:
sudo chmod -R g+w htdocs
I was facing the same problem!
I've added the code below in wp-config.php file (in any line) and it's working now!
define('FS_METHOD', 'direct');
define('FS_METHOD', 'direct');
Add this to wp-config.php
If the issue still persist , you can try setting permission of plugin folder to 755
Or in linux you can set it by this command
Chmod -R 755
As mentioned by Niels, this happens because the server process user can't write to the Wordpress folder.
But here's the thing a lot of articles don't explain. It's the owner of the php process, not the nginx process. If you try to change the nginx owner, it won't solve this.
To solve it, try running ps aux to see which user owns the php-fpm process. Then check that user is the same user as the owner of the wordpress folder, or can at least write to it. If the user can't write to it, you'll need to change permissions and/or ownership of the folder; or put the two users (server owner and wordpress folder owner) in a common group which can write to the folder; or change php.ini "user" property to a user that can write to the folder.
Changing the ownership of the files worked but only after I logged out of my wordpress website and logged in again. I also restarted the Apache server, but that may not be necessary.

Can I install/update WordPress plugins without providing FTP access?

I am using WordPress on my live server which only uses SFTP using an SSH key.
I want to install and upgrade plugins, but it appears that you are required to enter your FTP login to install the plugins. Is there a way to install and upgrade plugins by manually uploading the files instead of having WordPress handle the entire process?
WordPress will only prompt you for your FTP connection information while trying to install plugins or a WordPress update if it cannot write to /wp-content directly. Otherwise, if your web server has write access to the necessary files, it will take care of the updates and installation automatically. This method does not require you to have FTP/SFTP or SSH access, but it does require your to have specific file permissions set up on your webserver.
It will try various methods in order, and fall back on FTP if Direct and SSH methods are unavailable.
https://github.com/WordPress/WordPress/blob/4.2.2/wp-admin/includes/file.php#L912
WordPress will try to write a temporary file to your /wp-content directory. If this succeeds, it compares the ownership of the file with its own uid, and if there is a match it will allow you to use the 'direct' method of installing plugins, themes, or updates.
Now, if for some reason you do not want to rely on the automatic check for which filesystem method to use, you can define a constant, 'FS_METHOD' in your wp-config.php file, that is either 'direct', 'ssh', 'ftpext' or 'ftpsockets' and it will use that method. Keep in mind that if you set this to 'direct', but your web user (the username under which your web server runs) does not have proper write permissions, you will receive an error.
In summary, if you do not want to (or you cannot) change permissions on wp-content so your web server has write permissions, then add this to your wp-config.php file:
define('FS_METHOD', 'direct');
Permissions explained here:
http://codex.wordpress.org/Updating_WordPress#Automatic_Update
http://codex.wordpress.org/Changing_File_Permissions
As stated before none of the perm fixes work anymore. You need to change the perms accordingly AND put the following in your wp-config.php:
define('FS_METHOD', 'direct');
Just wanted to add that you must NEVER set the wp-content permission or permission of any folder to 777.
This is what I had to do to:
1) I set the ownership of the wordpress folder (recursively) to the apache user, like so:
# chown -R apache wordpress/
2) I changed the group ownership of the wordpress folder (recursively) to the apache group, like so:
# chgrp -R apache wordpress/
3) give owner full privilege to the directory, like so:
# chmod u+wrx wordpress/*
And that did the job. My wp-content folder has 755 permissions, btw.
TL;DR version:
# chown -R apache:apache wordpress
# chmod u+wrx wordpress/*
In wp-config.php add define('FS_METHOD', 'direct');
Make server writable the directories wp-content/, wp-content/plugins/.
Install the plugin (copy the plugin dir into the wp-content/plugins dir).
Worked on version 3.2.1
open wp-config.php file and add the following line:
define('FS_METHOD', 'direct');
this is working for me ...Thanks
Just a quick change to wp-config.php
define('FS_METHOD','direct');
That’s it, enjoy your wordpress updates without ftp!
Alternate Method:
There are hosts out there that will prevent this method from working
to ease your WordPress updating. Fortunately, there is another way to
keep this pest from prompting you for your FTP user name and password.
Again, after the MYSQL login declarations in your wp-config.php file,
add the following:
define("FTP_HOST", "localhost");
define("FTP_USER", "yourftpusername");
define("FTP_PASS", "yourftppassword");
Change from php_mod to fastcgi with cgi & SuEXEC enabled (ISPConfig users). Works for me.
If don't work, try to change wp-content to 775 as root or sudo user:
chmod -R 775 ./wp-content
Then Add to wp-config.php:
define('FS_METHOD', 'direct');
Good Luck
In order to enable the use of SSH2 for your updates and theme uploads, you have to generate your SSH keys and have the PHP SSH module installed. Then WordPress will detect that you have SSH2 available and you'll see a different option (SSH2) displayed when doing an upload/upgrade.
1.) Make sure you have the PHP module installed for debian it is:
sudo apt-get install libssh2-php
2.) Generate SSH keys, adding a passphrase is optional:
ssh-keygen
cd ~/.ssh
cp id_rsa.pub authorized_keys
3.) Change the permission so that WordPress can access those keys:
cd ~
chmod 755 .ssh
chmod 644 .ssh/*
Now you'll get the SSH2 option when doing an upload/upgrade/plugin.
4.) For added ease you can setup the defaults in your wp-config.php and this will pre-populate the SSH credentials in the WordPress upload window.
define('FTP_PUBKEY','/home/<user>/.ssh/id_rsa.pub');
define('FTP_PRIKEY','/home/<user>/.ssh/id_rsa');
define('FTP_USER','<user>');
define('FTP_PASS','passphrase');
define('FTP_HOST','domain.com');
The 'passphrase' is optional, if you don't setup a passphrase during ssh-kengen; then don't add it in wp-config.php
This solved my issue. And I didn't have to do the chown at all. But I have seen this method referenced in other places.
References:
http://wp.tutsplus.com/articles/tips-articles/quick-tip-upgrade-your-wordpress-site-via-ssh/
http://codex.wordpress.org/Editing_wp-config.php#Enabling_SSH_Upgrade_Access
Usually you can just upload your plugin to the wp-content\plugins directory. If you don't have access to this directory via SFTP I'm afraid you may be stuck.
You can get it very easily by typing the following command on command promt
sudo chown -R www-data:www-data your_folder_name
or copy & paste the following code in your wp-config.php file.
define('FS_METHOD', 'direct');
Where "your_folder_name" is the folder where your WordPress is installed inside this folder.
If you're on Ubuntu, a quick solution that worked for me is giving ownership to the Apache user (www-data by default) like so:
cd your_wordpress_directory
sudo chown -R www-data wp-content
sudo chmod -R 755 wp-content
Execute the following code in terminal
sudo chown -R www-data /var/www
For further detail visit
Wordpress on Ubuntu install plugins without FTP access
Add the following code to wp-config
define('FS_METHOD', 'direct');
FS_METHOD forces the filesystem method. It should only be direct, ssh2, ftpext, or ftpsockets. Generally, you should only change this if you are experiencing update problems. If you change it and it doesn't help, change it back/remove it. Under most circumstances, setting it to 'ftpsockets' will work if the automatically chosen method does not.
(Primary Preference) "direct" forces it to use Direct File I/O requests from within PHP, this is fraught with opening up security issues on poorly configured hosts, This is chosen automatically when appropriate.
(Secondary Preference) "ssh2" is to force the usage of the SSH PHP Extension if installed
(3rd Preference) "ftpext" is to force the usage of the FTP PHP Extension for FTP Access, and finally
(4th Preference) "ftpsockets" utilises the PHP Sockets Class for FTP Access
For more information visit: http://codex.wordpress.org/Editing_wp-config.php#WordPress_Upgrade_Constants
WordPress 2.7 lets you upload a zip file directly (there's a link at the bottom of the plugins page) -- no FTP access needed. This is a new feature in 2.7, and it works for plugins only (not themes yet).
Please add define('FS_METHOD','direct'); in wp-config.php
Resurrecting an old thread, but there's a fantastic new plugin called SSH SFTP Updater Support that adds in SFTP capabilities without needing to edit your wp-config.php file. Also, Wordpress's SFTP implementation relies on some somewhat obscure PHP modules that are often not enabled on servers; this plugin packages a different PHP SFTP plugin so you don't have to configure anything on the Apache side.
I had run into tons of problems getting SFTP support to work - this plugin solved all of them and is just fantastic.
The answer from stereointeractive covers all the options. Just wanted to mention an alternate way of using FTP. I'm guessing that the reason you are not allowing FTP access is for security. One way to address those security concerns is to run your FTP server listening only on 127.0.0.1
This allows you to use FTP from inside WordPress and you will be able to install plugins while not exposing it to the rest of the world. This can also be applied to other popular web applications such as Joomla! and Drupal. This is what we do with our BitNami appliances and cloud servers and works quite well.
I also recommend the SSH SFTP Updater Support plugin. Just solved all my problems too...especially in regards to getting plugins to delete through the admin. Just install it in the usual way, and the next time you're prompted by WordPress for FTP details, there'll be extra fields for you to copy/paste your private SSH key or upload your PEM file.
Only problem I have is in getting it to remember the key (tried both methods). Don't like the idea of having to find and enter it every time I need to delete a plugin. But at least it's a solid fix for now.
Yes, directly install the plugin in WordPress.
Copy the plugin folder and paste in WordPress plugin folder.
go to admin side (/test/wp-admin) then after go to on the plugin link and check the name of the plugin.
Activate the plugin so Install the plugin easily.
other Option
create the zip file for the plugin code.
go to admin side (/test/wp-admin) then after go to on the plugin link and then click on the add new then browse the plugin zip folder and install the plugin then come out the option activate plugin so so do activate plugin and activate plugin.
I saw a lot of people recommending to set permission to 777. I had same problem like 2 days ago and all I did was, add this to wp-content
define('FS_METHOD', 'direct');
and
set permission to 775 for plugin folder
This solved my problem of asking FTP access login/password.
Before that, I had to add plugin manually by adding .zip file to plugin folder and then go to wp-admin/plugins and had to installed it.
It is possible to use SFTP or SSH to auto update Plugins in WordPress, but you need to have ssh2 pecl extension. You can find out how to do it, using the following tutorial
We use SFTP with SSH (on both our development and live servers), and I have tried (not too hard though) to use the WordPress upload feature. I agree with Toby, upload your plugin(s) to the wp-content/plugins directory and then activate them from there.
Try this
1) In the wp-config.php add define('FS_METHOD', 'direct');
2) Set the wp-content directory to 777 for writable.
3) Now install the plugin.
Try this Check whether the correct permission is given to wp-content folder.
Edit the wp-config.php add the following line
define('FS_METHOD', 'direct');
chmod the "wp-content" directory to www-data for full access.
Now try installing the plugin.
Yes you can do it.
You need to add
define('METHOD','direct');
in your wpconfig.
But this method won't be preferable because it has security voilances.
Thanks,
setting up a ftp or even an SFTP connection or chmod 777 are bad ways to go for anything other than a local environment. Opening even an SFTP method introduces more security risks that are not needed.
what is needed is a writeable permission to /wp-content/uploads & /wp-content/plugins/ by the owner of those directories. (linux ls -la will show you ownership).
Default apache user that runs is www-data.
chmod 777 allows any user on the machine to edit those file, not just the apache/php thread user.
SFTP if you are not already using it, will introduce another point of possible failure from an external source. Whereas you only need access by the local user running the apache/php process to complete the objective.
Didn't see anyone making these points, so I thought I would offer this info to help with our constant WP security issues online.
Method 1:
You can set this:
1. in wp-config.php you need to write this lines.
define('FS_METHOD', 'direct');
Note: put this after define( 'DB_CHARSET', 'utf8mb4' ).
set wp-content permission or permission recursively 775 full permission
you can give it via filezilla. write click on directory > permissions> check read-write and execute and also check Recurse into subdirectories
Method 2:
or You can also set this
define("FTP_HOST", "localhost");
define("FTP_USER", "yourftpusername");
define("FTP_PASS", "yourftppassword");
Here is a simple method.
Execute following commands.
This will enable your mod_rewrite module for Apache
$sudo a2enmod rewrite
This Command will change the owner of the folder to www-data
$sudo chown -R www-data [Wordpress Folder Location]
After You executing above commands you can install any themes without FTP.
You can add following in wp-config.php
define('METHOD','direct');
Here is a youtube video that explaining how to do it. https://youtu.be/pq4QRp4427c
The best way to install plugin using SSH is WPCLI.
Note that, SSH access is mandatory to use WP CLI commands. Before using it check whether the WP CLI is installed at your hosting server or machine.
How to check : wp --version [ It will show the wp cli version installed ]
If not installed, how to install it :
Before installing WP-CLI, please make sure the environment meets the minimum requirements:
UNIX-like environment (OS X, Linux, FreeBSD, Cygwin); limited support in Windows environment.
PHP 5.4 or later
WordPress 3.7 or later. Versions older than the latest WordPress release may have degraded functionality
If above points satisfied, please follow the steps : Reference URL : WPCLI
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
[ download the wpcli phar ]
php wp-cli.phar --info [ check whether the phar file is working ]
chmod +x wp-cli.phar [ change permission ]
sudo mv wp-cli.phar /usr/local/bin/wp [ move to global folder ]
wp --info [ to check the installation ]
Now WP CLI is ready to install.
Now you can install any plugin that is available in WordPress.org by using the following commands :
wp install plugin plugin-slug
wp delete plugin plugin-slug
wp deactivate plugin plugin-slug
NOTE : wp cli can install only those plugin which is available in wordpress.org

Resources