#1 Sat, 05/14/2011 - 09:26
konstant

www-data

Earlier today I ran --> chown -R www-data:www-data * in a few of my Wordpress directories to fix the Wordpress autoupdate feature. It served its purpose but would anyone be able to advise on the security implications of doing this? Is it safe? Thanks.

Sat, 05/14/2011 - 09:35
andreychek

Hmm, if you're running that Virtual Server in CGI or FCGID mode (configured in Server Configuration -> Website Options -> PHP Execution Mode), you shouldn't actually have to change the ownership of any of that user's files to www-data... all the PHP scripts would be executed as the Virtual Server owner.

That should only be needed when using mod_php.

So as far as security goes -- I'd certainly recommend using CGI or FCGID, and keeping all the files owned by the Virtual Server owner, if you can.

-Eric

Sat, 05/14/2011 - 10:43
konstant

Thanks for the help as always, Eric. The actual command I used didn't show up at first, but I've edited the first post.

I've always used FCGI so that's not the problem... unless the GUI is lying to me. What command would you suggest? Something like this maybe?

chown -R username: /home/username/public_html/blog/

Wordpress autoupdate doesn't work with default Virtualmin config, that's for sure.

Sat, 05/14/2011 - 13:36
andreychek

Are you by chance using Ubuntu 10.04? If so, make sure that in /etc/apache2/mods_enabled/php5.conf, all the SetHandler lines are commented out. If they aren't, that can cause all your sites to run under mod_php, even if they're configured to use FCGID or CGI.

-Eric

Sat, 05/14/2011 - 18:55
konstant

That's massive news for me! I am indeed running 10.04. Using phpinfo(), server API is listed as 'Apache 2.0 handler', so I guess I've been running mod_php all this time!

Send me your Paypal address and I'll buy you a beer. You've saved my bacon more than once now :)

Can I ask that this is made a sticky or added to the FAQ if it hasn't been already - it must catch out lots of new users.

Many thanks, Bede

Sat, 05/14/2011 - 19:10
andreychek

Aha! I'm glad that did the trick for you.

That issue is automatically corrected by the installer now, but you probably performed your installation before we knew the issue existed :-)

-Eric
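
Added example, not part of any post in this thread: a shell check for the two conditions discussed above, an uncommented SetHandler line in a php5.conf-style file and files under a docroot that are not owned by the Virtual Server owner. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit for the two conditions discussed above.

# Print "line: text" for each SetHandler directive that is not commented out.
# Returns 0 when at least one is active, i.e. the file can force mod_php.
active_sethandlers() {
    awk '
        $1 ~ /^#/ { next }                                  # commented-out line
        tolower($1) == "sethandler" { print NR ": " $0; found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# List paths under docroot $1 whose owner is not numeric uid $2.
foreign_owned() {
    find "$1" ! -uid "$2" -print
}

# Constructed sample files: one with an active handler, one with it commented out.
make_samples() {
    cat > "$1/php5.conf.active" <<'EOF'
<IfModule mod_php5.c>
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    # SetHandler application/x-httpd-php-source
</IfModule>
EOF
    sed 's/^\( *\)SetHandler/\1#SetHandler/' "$1/php5.conf.active" > "$1/php5.conf.fixed"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp/php5.conf.active" "$tmp/php5.conf.fixed"; do
    if active_sethandlers "$f"; then
        echo "$f: active SetHandler, PHP will run under mod_php"
    else
        echo "$f: no active SetHandler"
    fi
done
# On a real server: foreign_owned /home/username/public_html "$(id -u username)"
foreign_owned "$tmp" "$(id -u)"   # prints nothing: every sample file is ours
rm -rf "$tmp"
```

Any path printed by `foreign_owned` on a real docroot is a file the PHP process of another account (for example www-data after a recursive chown) can modify.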