Can't upload media – "The uploaded file could not be moved to…"

In a word, no. This is web host specific. WordPress will not mod for your host…try another.

Maybe you should give more details. “Web host specific” makes no sense.

“Web host specific” makes no sense.

Review this issue with your web host, it is not WordPress specific.

I think you could give more details, if you really know what you are saying.

picture.jpg” has failed to upload due to an error
The uploaded file could not be moved to /server-root-folder/wp-content/uploads/2011/12.

This issue is related to a failure in your hosting account/web server and is not a WordPress issue…Check if WordPress has the proper write permissions to the uploads folder by asking your web host about this.

I get the impression that you don’t know what I am talking about. I already said some technical details that include your assumption.
Please, let the tech guys do their job and answer to those questions where you exactly know the answer.

It sounds like you’re not looking for a solution to your problem.

What you really want is to make a suggestion that files can also be uploaded through FTP if the web server does not have the required write permissions. If so, then you really should have posted in the Requests and Feedback forum.

Just fyi, themes and plugins can be installed and updated without FTP access if the web server has the required write permissions.

If the web server has write permissions to any folder, don’t you thinks that an attacker could write anything in that folder? Smart S!

I already said that IT’S A MEASURE OF SECURITY to run Apache as nobody:nobody and use ftp_account:ftp_group to write files to the web server.

@zionptm
I find your response rather disparaging..as noted by others, it’s not a WordPress issue.

[Moderator] please comment in.

Not at all, you’re assuming that the web server is part of the ‘others’ group, which does not have to be the case.

I already said that IT’S A MEASURE OF SECURITY to run Apache as nobody:nobody and use ftp_account:ftp_group to write files to the web server.

That isn’t possible. The PHP process can’t write files as a different account than it’s running as. If Apache is running as “nobody” then PHP will also run as “nobody”, and files it writes must be capable of being written by “nobody”.

The exception to this is on shared hosting, where you can use setuid methods to run PHP. Thus, Apache runs as “nobody”, but PHP actually runs under your user account. This gives the program the same privileges you have. The reason this is more secure is because an attacker can only gain your privileges, and thus not compromise all the other accounts on the same web server. The “nobody” user is generally stronger on a shared host, since he can read many other people’s files.

Bottom line is that unix permissions don’t change just because you want them to. If you want your webserver process to be able to write files, then he must have the proper permissions to do so. And that usually means 777 unless you’re using special methods. This is less dangerous than you think, because you’re limiting a theoretical attacker to a specific directory and place. As long as they can’t go outside that directory, it’s safe.

Thank you for clarifying that for us, Otto.