Apache with WordPress write permission problems!!

[explorer1979]

Hi all,

I am using CentOS 6.2 with all buildin latest software to build my web site from Windows move to Linux.

All thing look work on, but .... after I am try upload images/photo to my WordPress, have experience big problems there, it haven't upload the files, look like the Apache/PHP can't write on the wordpress folder.

Here are my install setting and step.

I make the server support Name Base Virtual Host, and setting this on /etc/httpd/conf.d/abc.conf


ServerName explorerhome.dyndns.org
DocumentRoot /home/abc/public_html


#useradd abc
/home/abc now is drwx------ owner/group id is 500 500 (abc)

Then I using FileZilla login by abc, make a public_html, and then blog under public_html, it is both id 500 500 on owner/group and with 755 permission

My Server Apache are running id 40 40 owner/group

I install the WordPress under /home/abc/public_html/blog/

Then upload all backup files/ folder from the Windows box I backup before to the new linux box, this mean the
/home/abc/public_html/blog/wp-content/uploads
folder are make by this abc user with 500 500 owner/group and 755 permission

Now some plugin and the buildin wordpress media manager need write to /home/abc/public_html/blog/wp-content/ and some sub folder..

How to fix this is a best and safe way other then make it 777 permission?

Or I am setting my server something total wrong?

Thank you very much.

[hawaiian717]

Since the Apache server is running under uid 40 and and did 40, the best way I can think of off the top of my head would be to set the group of the WordPress upload directories to 40, then set the permissions to 775.

[explorer1979]

hawaiian717,

Thank you, but how to running the command?

chown 40.40 /home/abc/public_html/blog/wp-content/ and all sub path under it?

[pschaff]

No - changing the ownership under the home directory is not the way to go. Seems likely to be a SELinux issue. See [url=https://www.centos.org/modules/newbb/viewtopic.php?topic_id=35363&forum=55&post_id=152431#forumpost152431]this thread[/url] for some guidance.

[explorer1979]

pschaff,

Sorry, I don't think so it is SELinux problems, since when the starting I am install all the LAMP software by it default value, I manual edit the /etc/sysconfig/selinux and full disable it and reboot the server before I post there.

Now my fix is manual set the folder as 777, I am just worry it will make security hole for internet user can write or change my files?

Thank you.

[pschaff]

One can argue about which is worse, but both the 777 permissions and disabling SELinux are security holes a cracker might drive a truck through. If SELinux is suspected as being a problem then temporarily put it in permissive mode with "setenforce 0" or via the config files, and create policies based on the AVC denial messages, then enable again.

As far as the file ownership issues, I can't advise specifically except to say that world read-write-execute is [b]not[/b] the way to go. Apache should be able to use things under /home if done properly, and changing ownership of files under /home should not be required. Alternately put everything under the default /var/www/...