File / Folder Ownership That ISNT Apache

  • I have tried fruitlessly to run WordPress successfully on my VPS as a specific user (so that the client can still use their login details to access the core WordPress files).

    This never works as I’m always having to provide FTP details everytime I make a change to a .htaccess file or add a plugin and I am stuck with having to set ownership for all my WordPress sites to that of the user running Apache. This is great as a fix however it has real problems for if just one of my WordPress websites gets battered to death with a hack. It gives a hacker the potential ability to use the apache account to wipe out other WordPress websites on my VPS.

    Surely there is another method to get around this problem, it does not make sense to me that such a well developed web application would require its files to be served by the same user that owns them.

    Any ideas would help me out ten-fold!

    Thanks =)

Viewing 1 replies (of 1 total)

  • After you hand the site off to the client change the ownership of all the files in their path. To do this ssh into your server as root and change directory to the root install path for your client’s site e.g. cd /var/www/vhosts/site.com/httpdocs/ <– Media Temple’s setup. Then run

    chown -Rf username:group *

    If you happen to be using a Media Temple VPS it would look something like this:

    chown -Rf username:psacln *

    If you don’t know the root path of your server a quick an easy way to find it is to open up any one of your php files in your WP install, like the header.php and use

    echo $_SERVER['DOCUMENT_ROOT'];

    Note that most of the time this won’t hurt anything, but since you are logging in as the root user, just like any other command use with caution.

Viewing 1 replies (of 1 total)
  • The topic ‘File / Folder Ownership That ISNT Apache’ is closed to new replies.