#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    218
    Rep Power
    17

    WordPress Permissions Issue


    Problems with WordPress.

    When you want to upload a media asset such as a background image, if it's not already there, WordPress tries to create the "uploads" directory under the "wp-content" directory.

    Permissions for "wp-content" are 775, and that should be more than enough. Owner "nobody" and group "65534" ...? "65534" is not a group that I can find.

    ANYWAY, trying to upload a background image get's me this:

    Unable to create directory wp-content/uploads/2017/11. Is its parent directory writable by the server?

    Changing "wp-content" to 777 allows creation of the directories and upload of the file, but 777 shouldn't be necessary.

    Changing ownership and group the root does not help.

    Changing overall ownership and group to "apache" did the trick, but should that be necessary with an out-of-the box WordPress install? The install directions say nothing about permissions, assumption being they will be correct on install. Also, things are not automatically created with "apache" as the owner / group...
    Last edited by Arty Zifferelli; November 8th, 2017 at 05:04 PM.
  2. #2
  3. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,435
    Rep Power
    9645
    I bet WP says /uploads should be 0777.

    There are advanced filesystem permissions possible (maybe), but if you have root access then I'd simply set it as 0755 and change ownership (-R) to apache:apache.

    But really, either way PHP will be able to put files there and the mere act of storing uploaded files is where most of the the vulnerabilities come in - filesystem permissions only really matter on shared hosting.

    Oh. 65534 will be a group ID, not a name. You seeing the number means there's no group mapped to that number, which is something you should look into. With an ID that high odds are it's a sort of unprivileged group akin to nobody.
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    218
    Rep Power
    17
    Here's an interesting bit of trivia I didn't know...
    Historically, the user “nobody” was assigned UID -2 by several operating systems, although other values such as 2^(15)−1 = 32,767 are also in use, such as by OpenBSD. For compatibility between 16-bit and 32-bit UIDs, many Linux distributions now set it to be 2^(16)−2 = 65,534; the Linux kernel defaults to returning this value when a 32-bit UID does not fit into the return value of the 16-bit system calls. An alternative convention assigns the last UID of the range statically allocated for system use (0-99) to nobody: 99.
  6. #4
  7. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,553
    Rep Power
    4549
    You've mentioned that you use CentOS in other posts. FYI, the default CentOS httpd server runs as user apache group apache.
    ======
    Doug G
    ======
    I've never been able to appreciate the sublime arrogance of folks who feel they were put on earth just to save other folks from themselves .." - Donald Hamilton
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2006
    Posts
    2,632
    Rep Power
    1811
    Pretty much what everyone else has said, including yourself on the follow-on post. The owner (and group) of the directory should be that of the user (and group) of the process that accesses them, and that sounds like it should be apache:apache at which point you should go back to (at a minimum) 0775 (I might go so far as 0755).
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc

IMN logo majestic logo threadwatch logo seochat tools logo