[BlueOnyx:10878] Re: Web Ownership
Michael Stauber
mstauber at blueonyx.it
Tue Jun 26 09:55:13 -05 2012
Hi DD,
> My problem is that I have users with WordPress as only part of their
> site.
> If I have the wp-content folder owned by Apache then the user can
> upload
> files via the admin panel as well as FTP to other areas of the site.
> I
> imagine if I had all WP files owned by apache:apache then they could
> update the engine as well.
No, please don't. That's not how it's supposed to be.
Enable suPHP for the site and use the GUI to chown the entire site to a
specific siteAdmin. Use the siteAdmin for that purpose that is also
supposed to do the FTP uploads.
This solves pretty much all problems:
1.) The siteAdmin in question has full FTP access to everything he
needs.
2.) Files uploaded through the web browser will be created by the UID
of the siteAdmin in question.
3.) Files created by the web application will also be created by the
UID of the siteAdmin in question.
That will even allow WordPress to update itself through FTP - provided
you enter the correct provisions.
So what else do you need? Once suPHP is turned on, there is no need to
ever turn it off again, as it's literally the answer to all these
problems.
It's only when you disable suPHP that the problems really start,
because then the ownership issues will be a killer.
--
With best regards,
Michael Stauber
More information about the Blueonyx
mailing list