[SATLUG] WordPress / Apache problem on Ubuntu

Enrique Sanchez esanchezvela.satlug at gmail.com
Tue Jan 18 15:33:37 CST 2011

On Tue, Jan 18, 2011 at 1:33 PM, Eric Haugen <erichaugen at gmail.com> wrote:
> I think we are having a permissions issue on one of our test
> webservers.  In order for WordPress to function correctly Apache needs
> to have recursive ownership of /var/www/ (or whatever directory for a
> virtual host).  It seems to be working fine except for when our
> outside developer needs to get in and make adjustments to the theme.
> At that time he claims he is "locked out".  After the phone call I
> then have to go in and recursively change the permissions to his
> username for the duration of his session.
> Is there a way I can modify the permissions so our developer can get
> in when they need to, while at the same time have our person who is
> transferring content from the old site be able to make changes through
> the WordPress interface?
> Thanks in advance,
> Eric Haugen
> --

Have you considered giving your outside developer sudo access to
apache?, of course he could damage the whole thing but that would be a
quick around.

does apache need to have ownership of the files or just be able to
read and write to them? if all it needs to be able to do is to be able
to write to them (and read of course) then you need to work with the
umask value as well.

you could define your apache and external developer be members of the
same group, let say "apache", then all files and directories belong to
set the UMASK value for apache and your developer to 002, and make the
directories writable by the group and with group id bit set: (the s in
the 2nd group of bits)  2775. thus, every file created under each
directory would belong to the same group and with the UMASK value you
are allowing both users to read and write files created by the other.

a third option would be to create a shell script to publish a file and
have the developer run it via sudo, the purpose of the script would be
to copy files to a specific location and make the ownership change as

    sudo publish.sh  <file_name(s) or direcotry>   <DESTINATION_PATH>

 the contents of publsih.sh would be to:

a) Log the activity. (?)
b.1 ) make backup (?)
b) copy the files to the destination
c) make sure the file ownership is set to apache.

probably throwing a few checks to make sure the developer does not
throw the "../.." sequence in the destination path nor any other
special char, also if the user needs to work on an existing file, you
could create a different script to read the files into his home dir
and leave the file under his/her ownership.


Enrique Sanchez Vela

More information about the SATLUG mailing list