[SATLUG] WordPress / Apache problem on Ubuntu

Eric Haugen erichaugen at gmail.com
Tue Jan 18 16:04:06 CST 2011


On Tue, Jan 18, 2011 at 3:33 PM, Enrique Sanchez
<esanchezvela.satlug at gmail.com> wrote:
> On Tue, Jan 18, 2011 at 1:33 PM, Eric Haugen <erichaugen at gmail.com> wrote:
>> I think we are having a permissions issue on one of our test
>> webservers.  In order for WordPress to function correctly Apache needs
>> to have recursive ownership of /var/www/ (or whatever directory for a
>> virtual host).  It seems to be working fine except for when our
>> outside developer needs to get in and make adjustments to the theme.
>> At that time he claims he is "locked out".  After the phone call I
>> then have to go in and recursively change the permissions to his
>> username for the duration of his session.
>>
>> Is there a way I can modify the permissions so our developer can get
>> in when they need to, while at the same time have our person who is
>> transferring content from the old site be able to make changes through
>> the WordPress interface?
>>
>> Thanks in advance,
>> Eric Haugen
>> --
>
>
> Have you considered giving your outside developer sudo access to
> apache? Of course he could damage the whole thing, but that would be a
> quick workaround.

Uhh no.


>
> Does apache need to have ownership of the files or just be able to
> read and write to them? If all it needs to be able to do is to be able
> to write to them (and read of course) then you need to work with the
> umask value as well.

All documentation I have found so far seems to indicate needing to be
owner but I suppose just reading and writing would be enough.

>
> You could define your apache and external developer to be members of the
> same group, let's say "apache", then all files and directories belong to
> apache:apache.
> Set the UMASK value for apache and your developer to 002, and make the
> directories writable by the group and with the group id bit set (the s in
> the 2nd group of bits): 2775. Thus, every file created under each
> directory would belong to the same group, and with the UMASK value you
> are allowing both users to read and write files created by the other.

Will try that, thank you.

>
> A third option would be to create a shell script to publish a file and
> have the developer run it via sudo. The purpose of the script would be
> to copy files to a specific location and make the ownership change as
> well.

Again, I am not sure they would know how to do that even if they were
given the right to.

>
>    sudo publish.sh  <file_name(s) or directory>   <DESTINATION_PATH>
>
>  The contents of publish.sh would be to:
>
> a) Log the activity. (?)
> b.1 ) make backup (?)
> b) copy the files to the destination
> c) make sure the file ownership is set to apache.
>
> Probably throwing in a few checks to make sure the developer does not
> throw the "../.." sequence in the destination path nor any other
> special char. Also, if the user needs to work on an existing file, you
> could create a different script to read the files into his home dir
> and leave the file under his/her ownership.
>
> regards,
> enrique.
>
> --
> Enrique Sanchez Vela
> ------------------------------------------


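The sudo-run publish script outlined in the quoted reply (log, backup, copy, ownership, plus the check against "../.." and special characters in the destination), written out as an added example that is not code from the thread or its participants. The variable names `WEB_ROOT`, `WEB_OWNER` and `LOG_FILE`, their defaults, and the function names are assumptions; it handles a single file whose destination directory already exists.

```sh
#!/bin/sh
# Added example (not from the thread). WEB_ROOT, WEB_OWNER and LOG_FILE are
# assumed names and defaults; adjust them for the host.
WEB_ROOT="${WEB_ROOT:-/var/www}"
WEB_OWNER="${WEB_OWNER:-www-data:www-data}"  # assumed Apache user:group
LOG_FILE="${LOG_FILE:-/var/log/publish.log}"

# Print the resolved destination directory, or return 1 if it is unsafe.
safe_dest() {
    dest=$1
    case $dest in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;   # empty, or any special character
        ..|../*|*/..|*/../*)   return 1 ;;   # a ".." path component
    esac
    case $dest in /*) ;; *) dest="$WEB_ROOT/$dest" ;; esac
    # Resolve symlinks on both sides; the directory must already exist.
    resolved=$(cd -- "$dest" 2>/dev/null && pwd -P) || return 1
    root=$(cd -- "$WEB_ROOT" 2>/dev/null && pwd -P) || return 1
    case $resolved/ in
        "$root"/*) printf '%s\n' "$resolved" ;;
        *) return 1 ;;                       # resolved outside the web root
    esac
}

# publish SRC DEST_DIR: log, back up, copy, then set ownership.
publish() {
    src=$1
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "publish: source must be a regular file: $src" >&2; return 1
    fi
    target_dir=$(safe_dest "$2") || {
        echo "publish: destination rejected: $2" >&2; return 1; }
    target="$target_dir/$(basename -- "$src")"
    if [ -L "$target" ]; then
        echo "publish: refusing to write through a symlink: $target" >&2; return 1
    fi
    stamp=$(date +%Y%m%d%H%M%S)
    # a) log the activity; sudo sets SUDO_USER to the invoking account
    printf '%s %s %s -> %s\n' "$stamp" "${SUDO_USER:-$(id -un)}" \
        "$src" "$target" >>"$LOG_FILE"
    # b.1) back up the file being replaced, b) copy, c) fix ownership
    if [ -e "$target" ]; then cp -p -- "$target" "$target.$stamp.bak"; fi
    cp -- "$src" "$target"
    chown -- "$WEB_OWNER" "$target"
    printf '%s\n' "$target"
}
```

The string checks alone are not enough for a script that runs as root, which is why the destination is also resolved with `pwd -P` and compared against the resolved web root: a symlink inside the web root would otherwise pass the "../.." filter.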