Wordpress group/user issue

Discussion in 'Linux VPS/Dedicated - cPanel' started by Godrockzzz, Mar 22, 2009.

  1. Godrockzzz

    Godrockzzz New Member

    I moved my wordpress site from cpanel shared environment to KH Cpanel environment. The previous server was suPHP so i could use several php.ini files.

    Problem is Wordpress cant write to the folders unless its set to 777 and i dont want to do that. I tried and tried to set the folders to the wordpress user but its still wont write to the folders. Is there something i'm missing?

    I really dont want to put in another support ticket if this is something easily fixed.
     
  2. Dan

    Dan Moderator

    Hello Godrockzzz,

    You can set your VPS to suPHP as well. In WHM go to Service Configuration and then Apache Configuration. In there select PHP and suExec configuration and then you can select suPHP as your PHP handler if that is what you want.

    On the file permissions I have 0 experience with Wordpress but 777 is certainly not a good thing. cPanel installs will typically own files and folders to the account username and for most installs a chmod of 644 is sufficient and from what I have seen is the default.
     
  3. Godrockzzz

    Godrockzzz New Member

    I rebuilt apache since suPHP wasn't an option...works like a charm now!
     
  4. KH-Paul

    KH-Paul CTO Staff Member

    777 isn't that scary and isn't any different from 7xx (for directories) or 6xx (for files) with SuPHP enabled as long as only your own accounts are hosted on the system. The story would be different in case if system is used for shared hosting.
    If system is used for own accounts only it would make great sense to run PHP as Apache module instead of SuPHP for at least the following reasons:
    - SuPHP will slow down your sites;
    - Systems with SuPHP enabled will show higher CPU and disk I/O utilization compared to mod_php;
    - None of php caching extensions like eAccelerator, xcache, etc will work with SuPHP.

    If performance is important and only trusted accounts are hosted on the system - go with PHP running as Apache module.
     
  5. Godrockzzz

    Godrockzzz New Member

    So if i go back to php as a module.... 777 wont be a security issues? I will be the only account on the system.

    I definitely want performance, lower CPU but also security.
     
  6. KH-Paul

    KH-Paul CTO Staff Member

    777 is the access mode which allows to read, write and execute for file/directory owner, group owner and any other system user. Having such permissions isn't a security problem as long as you're running secure scripts on your sites as in order to be able to write some file to the system remote party has to find an insecure script on your site which would allow them to upload / execute their own code on your system.

    Think about this way - when enabling PHP to be running through SuPHP if there is an insecure script on your site the person who will exploit it will be able to create/execute files in any directory inside your account's home directory as all your files/directories are owned by the account's system user and are readable / writable / executable by the account's username.

    In other words - when you have a VPS (or dedicated) and you're the only user on that system switching from mod_php to SuPHP won't only make your PHP based sites run slower but will also decrease your level of security.
     
  7. Godrockzzz

    Godrockzzz New Member

    In that case is PHP Security the best option to run when doing easyapache?
     
  8. KH-Paul

    KH-Paul CTO Staff Member

    "PHP Security" is a bit misleading there, it doesn't really have anything to do with actual security (remember - the most insecure things are weak passwords and outdated/buggy software) but enables few options by default such as mcrypt, mhash, etc. PHP modules should be enabled based on the requirements of software you run on your websites. The more modules you enable the higher memory footprint will be.
     
  9. jeja7676

    jeja7676 Member

    So, what is the solution? How can we resolve permissions problem and yet avoid installing suphp ?
     
  10. Calico

    Calico New Member

    I know this is an old thread but I'm trying to figure out the best way to set things up.

    History: I got a VPS on Sunday... I'm hosting my clients, a site from a previous client who is now managing things inhouse, and possible a few other sites for some friends. In short I know the people using the server personally...

    I followed the KnownHost Knowledge base instructions on PHP Security (Turn on safe_mode, Disable Dangerous PHP Functions, Turn off Register Globals, Run PHP through PHPsuexec) but now am not sure that was the best thing to do... for one it was apparently written in 2006...

    There are currently 3 WordPress sites, some php to send contact forms to an email, and some pages using php includes to pull in header, sidebar and footer pages.

    I'm quite overwelmed with all of this as it came about very suddenly when I asked the previous host if he could upgrade to php5 and was told he was going to shut down his business...


     
  11. Dan

    Dan Moderator

    Hi Calico,

    I've already mentioned my personal preference even though it is counter to what Paul has said. I guess the only answer is that there is no perfect answer.

    I did find a decent comparison writeup done by someone that they linked on WHT though and it might provide you with enough insight to be able to decide for yourself. I recommend reading the post as well as some counterpoints are also given.

    I like suPHP because you do not have to screw around with permissions and because if someone's script runs wild you can see the actual user and kill it.

    The WP installer should inform you if there are problems that you need to address before it even installs. The WP wiki also has information on permissions too.
     
  12. Calico

    Calico New Member

    Thank you Dan,

    I had found that article on WHT earlier but don't think I had found that particular comparison link.. I've read so much I'm not sure I even remember anymore.

    Let's see if I have this right...

    DSO
    +faster as it runs as an apache module
    +/- scripts run as apache user
    + if you have a limited number of sites because only files with ownership/permissions noboby and nobody or everyone write can get corrupted because the php can only write to those file/folders
    - if you have lots of users because a hacker can get to nobody in all areas

    suPHP
    + easier to set up WordPress
    + can only execute files run by that user
    - uses higher CPU
    + malicious scripts are confined to one account
    - malicious scripts can affect EVERYTHING in that account

    I think what is getting me is (from WHT site) "suPHP has the disadvantage that the php script will have all the same permissions as that user, to delete or modify any files owned by that user. In a DSO setup, all the php files are run by 'nobody' so only world writable files can be edited by your php scripts."

    The VPS came with DSO as the default handler... I had found the PHP security in knowledge base atfter loading 3 WordPress accounts. did the things in the PHP security and then went back in and changed the "nobody" to users and changed the permissions down as they didn't need to be at the level I had them for DSO...

    I know the server I had my stuff on before had php4 and was using DSO - because of how I had to set my permissions... not quiet sure what the best answer is at this point...
     
  13. Calico

    Calico New Member

    Since I've used DSO in the past I tried to go back... apparently it isn't as straight forward as DSO->suPHP. WordPress didn't like it at all even when I changed permissions and owners for the wp-content/uploads folders using ssh... not in the mood to have to reinstall all 3 so switched it back to suPHP for now... it is working there..

    This has not been a fun week...
     
  14. kingtas

    kingtas New Member

    For either DSO or suPHP (or any other handler), files should be 644 and folder 755 - period.
     
  15. vuong184

    vuong184 New Member

    Please help me chmod folder wp-content/uploads or wp-content, i can't user plugins WP Super cache and upload images when add new post.
    I have chmod to 777 but can't upload.
    I'm a newbie user VPS, Please help me
    Thank!
     
  16. photalian

    photalian New Member

    I'm having the same issues. I might make a support ticket to see if they can offer me some advice, or to modify/chmod the right commands to tell apache that wordpress has the proper permissions. My old cheeseball shared web host worked fine, running with 755 on folders and 644 on files. It's got to be a configuration issue. I can't seem to find a proper answer online, no matter how hard I look.
     
  17. ANA

    ANA New Member

    photalian and vuong184, maybe this answer is coming a little too late but I've found this problem can be due to mod security rules, not permissions.

    This link might be helpful:
    wordpress.org/support/topic/mod_security-for-wordpress
     

Share This Page