wpconfig.php 440 or 400 permissions fails

  • Ambyomoron

    (@josiah-s-carberry)


    12 years, 2 months ago

    When I try to connect to wp at <my host>/wp-admin I get the error message:

    `Warning: require_once(<path>/wp-config.php) [function.require-once]: failed to open stream: Permission denied in <path>/wp-load.php on line 34

    Fatal error: require_once() [function.require]: Failed opening required ‘<path>/wp-config.php’ (include_path=’.:/opt/php/lib/php’) in <path>/wp-load.php on line 34

    This error occurs only when wp-config.php does not have read permission for everyone (for example, 400 or 440). With permissions set to 444 everything works OK, but I do not wish to make the file readable by everyone, for obvious reasons.

    The WP instance is installed on a shared server.
    wp-config.php has been moved to the folder above the wp installation.
    The server is running php 5.3

    What I have already tried, and which is NOT a solution:
    – reinstalling WP
    – removing .htaccess
    – reading every thread here and explanations in codex
    – it obviously has nothing to do with plugins, but I have no caching plugins

    Any ideas what to do? Does this have something to do with the way PHP is configured (over which I have no control)? Might it concern the way groups are defind on the server?

Viewing 1 replies (of 1 total)
  • Thread Starter Ambyomoron

    (@josiah-s-carberry)

    I have additional information from my hosting company. There is indeed an issue with the definitions of the groups. The owner of the wp-config.php file (that is to say, the account of the person who uploads it to the server) does not belong to the same group as the Apache httpd account, which is the account that runs the php file. If the public is not given read permission to the file, then Apache cannot see it and run it.

    It is clear that the ftp and the httpd accounts can simply not be the same in such environments. I suppose the hosting company feels that it must harden access to Apache by making sure that customer accounts cannot be in the same group as the Apache account. The tradeoff is that access to the personal or company data in the WP database and access to the WP scripts are somewhat less hardened.

    I would be interested in hearing views on the pros and cons of this tradeoff.

Viewing 1 replies (of 1 total)
  • The topic ‘wpconfig.php 440 or 400 permissions fails’ is closed to new replies.