File ownership

  • Resolved Gurk

    (@gurk)


    10 years, 1 month ago

    Having a slight problem with the file ownership and permissions.

    I have no administrative access to server WP is running on, just a regular user account on a linux server.

    We have been hacked a few times and malicious code has been uploaded but they have not been able to edit the pages so for the most part it has gone unoticed by our visitors.

    Now for the problem(s).

    1. In wp-content/uploads all uploaded files are owned by nobody:nobody and have permission 666 (777 for folders). How can I as an ordinary user take ownership and/or change permission?

    2. What are your update routine for keeping the site safe? Should I always use the shell and do it manually or is there a safe way to do it in wp-admin. I rather not let the site be writable by the web server.
    If I get an answer to question 1 I was thinking in the lines of making a small script that makes the site writable by the web server, do the update in the gui, then run another script to tighten permissions again.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Some general, but helpful guidelines and information:

    Permission Scheme for WordPress

    Hardening WordPress

    Thread Starter Gurk

    (@gurk)

    Browsing the support forum for the service provider it seems that, in the past, there where a command takeall that did precisely this. Running with root privileges and changed ownership to the user.

    Asked the support why I couldn’t find it and got the reply that it “probably” had been deleted for security reasons and the support pages was outdated. *sigh*

    Instead, they configured the web server to run as my user and changed all ownership to my account. That presents new security concerns but solved the ownership issue.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘File ownership’ is closed to new replies.