Uploads folder permission issue

I would too recommend to switch to fcgi, because in general it’s faster to process php queries. And if it allows you to avoid running as nobody user it’s way safer.

After, I agree my opinions about Cpanel are subjective, so true in some environments and not true in others. Just one opinion.

Thank you for your responses, Clayton & Digico.

Will explore the possibilities of switching to FCGI and get back if any questions we may have.

Thank you for all the help.

You’re welcome, feel free to get back here, these chats also most of the time learn me new things.
I had a chart to show you php performance with FCGI compared to other processing, but forgot the url, unfortunately.

Anyways, it’s clearly on top of the fastest ways, and why many people switch to Nginx to have a full Php5-fpm + Fcgi handling of PHP to accelerate WordPress. My tests with a few clients also gave overall good results.

While we are exploring the possibilities of switching to FCGI, as an interim arrangment, I’ve gone ahead and done this in our server.

Up until /wp/wp-content/uploads/2015/ – the permissions remain WP default – 755, with user:group being cpanel user.
But for the monthly folders within, like /10, /11, /12 etc. we have set 774 with “cpanel-user:nobody” to enable uploads by PHP/Apache as ‘nobody’ user.

Now. when we do uploads via media during Jan, we are going to have issues with upload when ‘2016’ folder as well as ’01’ monthly folder gets created with default permissions and ownership.

Is there a way I can mention in the wp-config.php (or) else where that the monthly folders should over-ride default permissions and get created with “774” permissions and “nobody” group?

Is there a way I can mention in the wp-config.php (or) else where that the monthly folders should over-ride default permissions and get created with “774” permissions and “nobody” group?

Here’s something you can try – consider it a temporary work-around until you get your server configuration sorted out.

– from your wordpress root directory

chown username:nobody wp-content
chmod 0775 wp-content

chown username:nobody /wp-content/uploads
chmod 0775 /wp-content/uploads

The caveats:

Everything the media up-loader sends to the uploads directory from now on will be owned nobody:nobody – your (server) user account may not be able to delete files manually if you need to. It will require you to manually change file permissions if the need arises in the future.

You assume any and all risks that may present themselves while – or because of – altering file permissions and ownership schemes on your own server.

Just for giggles, what happens when you try to install a plugin or a theme from your dashboard? Do they install okay after you enter your FTP credentials?

Hi Wp_query and Clayton James,

There are caveats in both approaches, that’s why in general you have an admin full root (you) in apache/ngnix and a different user like “publisher” with enough rights to overwrite a file in wp-uploads/2015/12/image.jpg for example.

All that is made from a root linux user, then a WordPress admin user, then a WordPress “writer” user, so on..

It needs some work to create all these levels in Apache/Nginx and also WordPress and make it right, given that if server is well secure, you’ll probably need a key/passphrase to access files in a https:// secured server or over SSH. For example, disabling all knonw admin WordPress web ports combined with .htacces on admin url, at web server level, will help to leverage security.

@clayton James

On a perfectly secure server, there is one root (which can’t access it by port 80 after setup). And users with several levels of writing in terms of given subfolders (that’s what i do with one server – was never hacked in 3 years, no cloudflare, quite low vps, no https).

Hope it helps,

@digico Paris

Yep. I’m familiar with denying remote root login over SSH, but I’m not sure that I’ve ever seen sshd configured to allow root login over port 80 for any reason. Before, or after setup.

I think you’re at a point where you’re just throwing mud into the water and then stirring it, but thank you for your input. ??

@clayton

I’m not throwing mud, just one good way of managing. It was to help you to go into your server.

Now I don’t sell / try anything, just saw (maybe wrong) you have some trouble with your server and commmon servers.

Thanks not to say i throw mud to people, because i just try to help, not throw mud or say you’re bad dude so on. I NEVER say that.

Haha! I am so, so, sorry!! I think you did not understand what I was trying to say. I sometimes forget that things I say in English may not be so familiar to someone who speaks English as a second language. I apologize that it may have put you on the defensive.

What I mean by “throwing mud in the water and stirring it”, is that by continuing to offer so much information that really has very, very, little to do with the problem that was being discussed, you only make things more cloudy or unclear with too much unrelated information.

Stirring muddy water makes it cloudy and hard to see into. That is my meaning.

It was to help you to go into your server…
… just saw (maybe wrong) you have some trouble with your server and commmon servers.

If you re-read the discussion, you will see that I am not having any problems with my server, but again, thank you just the same.