I have installed WordPress 3.6.1 on Debian 6.0.8 (alongside with other websites) by following this tutorial https://wiki.debian.org/WordPress.
I keep strugling with wordpress asking for ftp Connection Information for theme or plugin updates.
Could you please help me setting the rights correctly ?
Looking forward to read from you
What I can to do
install/delete plugin
install/delete themes
What I can't do
display theme nicely unless I manually create the symbolic link to the files.
Posts I have read :
Can I install/update WordPress plugins without providing FTP access?
How do I know which linux user Wordpress uses for plugin installation
WordPress can't install themes
A general linux file permissions question: Apache and WordPress
apache and sftp permissions for wordpress automatic update in ubuntu
What I have tried
Set FS_METHOD to direct
in /etc/wordpress/config-mydomain.fr.php
define('FS_METHOD', 'direct');
Re assigh permissions :
admin#server01:/usr/share/wordpress$ find -type d -exec sudo chmod 755 {} \;
admin#server01:/usr/share/wordpress$ find -type f -exec sudo chmod 644 {} \;
admin#server01:/usr/share/wordpress$ ls -l
total 144
-rw-r--r-- 1 root root 395 8 janv. 2012 index.php
-rw-r--r-- 1 root root 7155 14 sept. 2013 readme.html
-rw-r--r-- 1 root root 4616 21 janv. 2013 wp-activate.php
drwxr-xr-x 9 root root 4096 19 mars 13:00 wp-admin
-rw-r--r-- 1 root root 271 8 janv. 2012 wp-blog-header.php
-rw-r--r-- 1 root root 3513 16 juil. 2013 wp-comments-post.php
-rw-r--r-- 1 root root 2381 13 sept. 2013 wp-config.php
-rw-r--r-- 1 root root 3177 1 nov. 2010 wp-config-sample.php
drwxr-xr-x 5 root www-data 4096 19 mars 13:00 wp-content
-rw-r--r-- 1 root root 2718 23 sept. 2012 wp-cron.php
drwxr-xr-x 10 root root 4096 19 mars 13:00 wp-includes
-rw-r--r-- 1 root root 1997 23 oct. 2010 wp-links-opml.php
-rw-r--r-- 1 root root 2408 26 oct. 2012 wp-load.php
-rw-r--r-- 1 root root 29751 23 juil. 2013 wp-login.php
-rw-r--r-- 1 root root 7715 3 mars 2013 wp-mail.php
-rw-r--r-- 1 root root 9990 21 févr. 2013 wp-settings.php
-rw-r--r-- 1 root root 22135 15 mai 2013 wp-signup.php
-rw-r--r-- 1 root root 3692 9 mai 2013 wp-trackback.php
-rw-r--r-- 1 root root 2722 4 mars 2013 xmlrpc.php
&
admin#server01:/var/lib/wordpress$ find -type d -exec sudo chmod 755 {} \;
admin#server01:/var/lib/wordpress$ find -type f -exec sudo chmod 644 {} \;
admin#server01:/var/lib/wordpress$ ls -l
total 4
drwxr-xr-x 8 www-data www-data 4096 20 mars 15:04 wp-content
Manually remove broken plugin
admin#server01:/var/lib/wordpress/wp-content/plugins$ sudo rm akismet
admin#server01:/usr/share/wordpress/wp-content/plugins$ sudo rmdir akismet/
Manually remove broken themes
admin#server01:/usr/share/wordpress/wp-content/themes$ sudo rmdir twentythirteen/
admin#server01:/usr/share/wordpress/wp-content/themes$ sudo rmdir twentytwelve/
&
admin#server01:/var/lib/wordpress/wp-content/themes/clear$ sudo rm *
admin#server01:/var/lib/wordpress/wp-content/themes$ sudo rmdir clear/
Manually define themes symbolic links that dont want to appear automatically
admin#server01:/usr/share/wordpress/wp-content/themes$ sudo ln -s '/var/lib/wordpress/wp-content/themes/clear' 'clear'
Restart ssh :
admin#server01:~$ sudo /etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.
Restart apache :
admin#server01:~$ sudo service apache2 reload
Reloading web server config: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 92.243.##.### for ServerName
/etc/apache2/sites-available/fr.mydomain.www
<VirtualHost *:80>
ServerName mydomain.fr
ServerAlias www.mydomain.fr
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain\.fr
RewriteRule $(.*)$ http://www.mydomain.fr$1 [R=permanent,L]
DocumentRoot /usr/share/wordpress/
DirectoryIndex index.php index.html
ErrorLog /var/log/apache2/wp-error.log
TransferLog /var/log/apache2/wp-access.log
<Directory /usr/share/wordpress>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /wp/wp-content /var/lib/wordpress/wp-content/
ScriptAlias /wp /usr/share/wordpress/
<Directory "/var/lib/wordpress/wp-content">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
/etc/wordpress/config-mydomain.fr.php
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'myPassword');
define('DB_HOST', 'localhost');
define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content');
define('FS_METHOD', 'direct');
?>
Apache seems to run as root
ps aux | grep apache
root 11565 0.0 0.7 227076 15040 ? Ss Mar19 0:03 /usr/sbin/apache2 -k start
root 23668 0.0 0.3 227212 7500 ? S 10:07 0:00 /usr/sbin/apache2 -k start
...
root 26875 0.0 0.3 227212 7500 ? S 12:50 0:00 /usr/sbin/apache2 -k start
admin 27111 0.0 0.0 9620 916 pts/1 S+ 13:18 0:00 grep apache
777*
I have tried to change /usr/share/wordpress/wp-content and /var/lib/wordpress/wp-content to 777 without success...and I know that is very very bad.
Maybe this is because of some weird behaviour of Wordpress: The check whether WP has write permissions creates a temporary file and compares the owner of that file (which will be the Apache process, www-data) to the result of getmyuid(). However, getmyuid() returns the owner of the running php file (wp-admin/update.php in this case) which is 0 (root) in the default install. Try to change the owner of this file to www-data, which made it work for me:
chown www-data:www-data /usr/share/wordpress/wp-admin/update.php
Related
Jenkins installed on Ubuntu 18.04 and running successfully.
As part of our project build process, we need to copy built files to a specific folder under /var/www/html (Apache folder). Our build / Execute shell:
npm install
ng build --prod
cp -R /var/lib/jenkins/workspace/kagi-core/dist/core/* /var/www/html/kagi-core/
But jenkins build fails at the final copy command with the following errors:
23:18:10 + cp -R /var/lib/jenkins/workspace/kagi-core/dist/core/3rdpartylicenses.txt /var/lib/jenkins/workspace/kagi-core/dist/core/assets ...
23:18:10 cp: cannot create regular file '/var/www/html/kagi-core/3rdpartylicenses.txt': Permission denied
...
...
Here's what we did/tried so far:
Added "jenkins" user to root and ubuntu groups.
ubuntu#ip-172-31-15-215:/var/www/html$ groups jenkins
jenkins : jenkins root ubuntu
Changed permissions on /var/www/html/kagi-core folders to "jenkins" user
drwxr-xr-x 3 ubuntu jenkins 4096 Sep 17 21:36 www
..
drwxr-xr-x 3 ubuntu jenkins 4096 Sep 18 21:04 html
..
drwxrwxrwx 4 ubuntu jenkins 4096 Sep 18 21:18 kagi-core
What are we missing? Appreciate any help!
While trying to fix this, found the solution. Adding here for reference:
On observing carefully, the permissions to /var/www folders, they are as
drwxr-xr-x 3 ubuntu jenkins 4096 Sep 17 21:36 www
but instead they should be the other way around (allow "jenkins" user to the default group):
drwxr-xr-x 3 jenkins ubuntu 4096 Sep 17 21:36 www
Also we reset the group to default root
So the command that solved the issue was
cd /var
sudo chown -R jenkins:root www/
After this, jenkins builds were successful (able to copy to the /var/www/html folder).
I'm setting up a new website on a new Ubuntu droplet at Digital Ocean. I set this up previously on a different droplet and rsynced the website contents to it. I followed directions I found on the web, but didn't keep detailed-enough notes. I'm just trying to replicate this on the new Droplet. But I've messed up somehow. My knowledge of permissions, etc. is rudimentary :-(
My server has: /var/www/html
This is what I did:
• sudo usermod -a -G www-data [myusername]
• sudo chown -R www-data:www-data /var/www
• sudo chmod -R g+rw /var/www
• sudo chmod -R g+rws /var/www
I then created “/var/www/howardmann.us/public_html” for my website.
(I didn't put the public_html directory in var/www/html. I didn't on my other Droplet. Perhaps I should.)
sudo ls -la /var/www
total 16
drwxrwsr-x 4 www-data www-data 4096 Feb 25 15:43 .
drwxr-xr-x 14 root root 4096 Feb 24 14:27 ..
drwxr-sr-x 3 root www-data 4096 Feb 25 15:43 howardmann.us
drwxrwsr-x 2 www-data www-data 4096 Feb 25 15:42 html
sudo ls -la /var/www/howardmann.us/public_html
total 8
drwxr-sr-x 2 root www-data 4096 Feb 25 15:43 .
drwxr-sr-x 3 root www-data 4096 Feb 25 15:43 ..
Now, excerpts of rsync script (successful to my other Droplet) result from my laptop now:
1.
howardm$ ./deploy.sh
sending incremental file list
rsync: failed to set times on "/var/www/howardmann.us/public_html/.": Operation not permitted (1)
rsync: recv_generator: mkdir "/var/www/howardmann.us/public_html/css" failed: Permission denied (13)
* Skipping any contents from this failed directory *
3.
rsync: mkstemp "/var/www/howardmann.us/public_html/.DS_Store.8zaaQg" failed: Permission denied (13)
Question: How do I fix ownership and permissions on the server directories for 1) proper permissions for a website and 2) permit a rsync deploy?
For comparison, here is the status of my current working web site on the other Droplet:
howardm#howardmann:~$ ls -la /var/www/
total 20
drwxrwxr-x 5 howardm www-data 4096 Mar 5 2016 .
drwxr-xr-x 13 root root 4096 Mar 28 2015 ..
drwxrwxr-x 4 howardm www-data 4096 Jun 8 2016 howardmann.us
drwxrwxr-x 2 howardm www-data 4096 Mar 29 2015 html
Thanks!
Howard
Well, I fixed this after reading some more about permissions for a website.
My website folder is titled howardmann.us, which contains a public_html folder with the website contents.
So: /var/www/howardmann.us/public_html. (/var/www also contains a html directory)
I achieved the relevant ownership/permissions with:
sudo chown -R howardm:www-data /var/www/
I'm the owner, and www-data the group.
sudo usermod -a -G www-data [myusersername]
I'm a member of the www-data group
sudo chmod -R 2775 /var/www/
This yields the proper permissions, I believe for a web site.
I made sure the same owner:group applied to all these directories:
ls -l /var/www
total 8
drwxr-sr-x 3 howardm www-data 4096 Feb 26 19:23 howardmann.us
drwxrwsr-x 2 howardm www-data 4096 Feb 25 15:42 html
ls -l /var/www/howardmann.us
total 4
drwxr-xr-x 11 howardm www-data 4096 Feb 5 2017 public_html
Now rsync works without errors.
If anyone believes these ownership/permissions for a website are (substantially) improper, please comment.
Howard
I regularly use a2ensite and a2dissite to enable and disable sites in Apache. As far as I know it does little more than simply creating a symlink from /etc/apache2/sites-enabled to /etc/apache2/sites-available. I can also do it manually, but because it saves me typing a few characters I use these shortcuts.
I just did a cat /usr/sbin/a2ensite, and to my surprise it's quite an elaborate program. According to the man pages, it does little more than enabling sites though. I briefly looked over the (Perl) source code, but even though it's a lot of code I don't really understand what it does more than simply creating a symlink.
Why does it need so much code to simply create a symlink? What am I missing here?
Actually
a2enconf
a2disconf
a2dismod
a2ensite
a2dissite
are all only symlinks to a2enmod:
$ /usr/sbin$ ll -d a2*
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2disconf -> a2enmod
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2dismod -> a2enmod
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2dissite -> a2enmod
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2enconf -> a2enmod
-rwxr-xr-x 1 root root 15424 Apr 5 2016 a2enmod
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2ensite -> a2enmod
-rwxr-xr-x 1 root root 9870 Jul 15 17:33 a2query
and a2enmod implements the functionality of all six of them in one script.
It decides what to do depending on $0 (i.e. the name the script was called with).
That's probably the reason why it's more complicated than a simple ln -s.
I'm using Docker to run an Apache instance. My docker file goes something like this:
FROM ubuntu
MAINTAINER your.face#gmail.com
RUN cat /etc/passwd
RUN cat /etc/group
RUN apt-get update && apt-get install -yq apache2 php5 libapache2-mod-php5 php5-mysql
RUN apt-get install -yq openssh-server
RUN mkdir /var/run/sshd
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
EXPOSE 80
ADD config/apache2/000-default.conf /etc/apache2/sites-available/000-default.conf
ADD config/php5/php.ini /etc/php5/apache2/php.ini
ADD config/start.sh /tmp/start.sh
ADD src /var/www
RUN chown -R root:www-data /var/www
RUN chmod u+rwx,g+rx,o+rx /var/www
RUN find /var/www -type d -exec chmod u+rwx,g+rx,o+rx {} +
RUN find /var/www -type f -exec chmod u+rw,g+rw,o+r {} +
#essentially: CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
CMD ["/tmp/start.sh"]
However, when I build the container and run it, I only ever get 403 errors.
Notice that I've specified that Apache should run as www-data in www-data group, and that /var/www has been recursively chownd to belong to root:www-data.
Also, all directories are searchable and readable, and all files are readable and writeable by the www-data group (well, according to ls -la and namei -m they are anyways).
How do I fix these permissions issues? I cant figure it out.
Actual error from the Apache error.log:
[Fri May 23 18:33:27.663087 2014] [core:error] [pid 14] (13)Permission denied: [client 11.11.11.11:61689] AH00035: access to /index.php denied (filesystem path '/var/www/index.php') because search permissions are missing on a component of the path
EDIT:
output of ls -laR /var/www at the end of the Dockerfile:
Step 21 : RUN ls -laR /var/www
---> Running in 74fd3609dfc8
/var/www:
total 1036
drwxr-xr-x 67 root www-data 4096 May 23 18:38 .
drwxr-xr-x 26 root root 4096 May 23 18:38 ..
-rw-rw-r-- 1 root www-data 28 May 23 12:22 .gitignore
-rw-rw-r-- 1 root www-data 501 May 23 12:22 .htaccess
-rw-rw-r-- 1 root www-data 7566 May 23 12:22 index.php
Output of namei -m /var/www/index.php at the end of the Dockerfile:
Step 22 : RUN namei -m /var/www/index.php
---> Running in 1203f0353090
f: /var/www/index.php
drwxr-xr-x /
drwxr-xr-x var
drwxr-xr-x www
-rw-rw-r-- index.php
EDIT2
After trying a whole bunch of things, including chmod -R 777 just to see if I could get anything to work, I tried putting the source files added from the Dockerfile into /var/www/html, the default location for Apache files to be served.
I matched the default file permissions exactly (I think), and it still isn't working. The default index.html that comes with Apache loads just fine, but the added src folder still have a 403 access denied error.
I changed the Dockerfile to ADD src /var/www/html/src and the permissions were set using:
RUN find /var/www/html -type d -exec chmod u+rwx,g+rx,o+rx {} +
RUN find /var/www/html -type f -exec chmod u+rw,g+r,o+r {} +
No luck. Below is some of the output of ls -laR on /var/www. Notice that the permissions for the html folder and index.html that come with an apache2 install match those of the added src folder:
Step 19 : RUN ls -laR /var/www/
---> Running in 0520950d0426
/var/www/:
total 12
drwxr-xr-x 6 root root 4096 May 23 19:23 .
drwxr-xr-x 24 root root 4096 May 23 19:23 ..
drwxr-xr-x 5 root root 4096 May 23 19:23 html
/var/www/html:
total 24
drwxr-xr-x 5 root root 4096 May 23 19:23 .
drwxr-xr-x 6 root root 4096 May 23 19:23 ..
-rw-r--r-- 1 root root 11510 May 23 18:28 index.html
drwxr-xr-x 47 root root 4096 May 23 19:23 src
/var/www/html/src:
total 1032
drwxr-xr-x 47 root root 4096 May 23 19:23 .
drwxr-xr-x 5 root root 4096 May 23 19:23 ..
-rw-r--r-- 1 root root 28 May 23 12:22 .gitignore
-rw-r--r-- 1 root root 501 May 23 12:22 .htaccess
-rw-r--r-- 1 root root 7566 May 23 12:22 index.php
Perhaps chmod doesn't work quite the way I thought it does??
EDIT3
A final bit of information. The Docker container is being built by buildbot, which I've been assuming runs as root. I haven't been able to reproduce this scenario without using buildbot to do the building.
Building everything via sudo docker build -t apache . type commands on my laptop works fine, but the problems arise when buildbot does it. No idea why :^/
I just ran into this after posting a similar question at Running app inside Docker as non-root user.
My guess is you can't chmod/ chown files that were added via the ADD command. – thom_nic Jun 19 at 14:14
Actually you can. You just need to issue a a RUN command after the ADD for the file location that will be INSIDE your container. For example
ADD extras/dockerstart.sh /usr/local/servicemix/bin/
RUN chmod 755 /usr/local/bin/dockerstart.sh
Hope that helps. It worked for me.
I encountered a similar issue; however my container was using VOLUME to map directories across the container.
Changing the permissions on the directory that maps to /var/www/html itself remedied the 403 Forbidden errors.
docker-host$ ls -ld /var/www/html
drwxr--r-- 53 me staff 1802 Mar 8 22:33 .
docker-host$ chmod a+x /var/www/html
docker-host$ ls -ld /var/www/html
drwxr-xr-x 53 me staff 1802 Mar 8 22:33 .
Note that chmod must be applied on the Docker host, not within the container. Executing it within the container effects no change to the directory.
docker-container$ chmod a+x /var/www/html
docker-container$ ls -ld /var/www/html
drwxr--r-- 53 me staff 1802 Mar 8 22:33 .
I am just using the standard apache config file which mentions that it follows symlinks, but when I hit the url http://localhost/test it downloads the symlink file instead of following it. What config do I need to change to get apache to follow the symlink instead of downloading it?
This is an ls on the directory:
$ ls -al
total 10
drwx------+ 1 SYSTEM SYSTEM 0 Oct 20 10:55 .
drwx------+ 1 SYSTEM SYSTEM 0 Aug 26 12:27 ..
-rw-r--r--+ 1 me None 47 Oct 20 10:14 index.html
lrwxrwxrwx 1 me None 29 Oct 19 17:10 test -> /home/me/projects/test
This is in my apache config file:
<Directory "D:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
I figured out the problem. The symlink I was using was made using cygwin and it crossed drives/volumes. I found out that's not allowed in windows so I had to move the files to the same drive as apache and the link is now working.