Wordpress Manager - File Permissions
Hi,
I'm just wondering what is the reason behind the wordpress manager setting the wordpress files/folders to executable files with permissions: -rwxr-xr-x? As the files show up with green titles with an * at the end of the name.
I would have thought this wouldn't be a good idea to do in terms of security? If anyone can shed some light on why it does this then that would be appreciated.
-
Hi @MattGarner I believe this is actually based on the handler you're using for php as I'm not able to replicate that for all files when I used the wordpress manager to install. To test this I created a new subdomain, then used the wordpress manager to install a new wordpress installation. My files and folders are all using the standard 755/644 permissions. It's standard for directories to be 755 but for files to be 644 [root@server user]# ls -lah total 208K drwxr-x--- 7 myser nobody 4.0K Nov 29 10:39 . drwxr-x--- 7 myser nobody 4.0K Nov 29 10:38 .. drwxr-xr-x 2 myser myser 4.0K Nov 29 10:38 cgi-bin -rw-r--r-- 1 myser myser 418 Sep 24 2013 index.php -rw-r--r-- 1 myser myser 20K Jan 6 2018 license.txt -rw-r--r-- 1 myser myser 7.3K Mar 18 2018 readme.html drwxr-xr-x 3 myser myser 4.0K Nov 29 10:39 .well-known -rw-r--r-- 1 myser myser 5.4K May 1 2018 wp-activate.php drwxr-xr-x 9 myser myser 4.0K Aug 2 15:39 wp-admin -rw-r--r-- 1 myser myser 364 Dec 19 2015 wp-blog-header.php -rw-r--r-- 1 myser myser 1.9K May 2 2018 wp-comments-post.php -rw------- 1 myser myser 2.6K Nov 29 10:39 wp-config.php drwxr-xr-x 5 myser myser 4.0K Nov 29 10:39 wp-content -rw-r--r-- 1 myser myser 3.6K Aug 19 2017 wp-cron.php drwxr-xr-x 18 myser myser 12K Aug 2 15:39 wp-includes -rw-r--r-- 1 myser myser 2.4K Nov 20 2016 wp-links-opml.php -rw-r--r-- 1 myser myser 3.3K Aug 22 2017 wp-load.php -rw-r--r-- 1 myser myser 37K Jul 16 09:14 wp-login.php -rw-r--r-- 1 myser myser 7.9K Jan 10 2017 wp-mail.php -rw-r--r-- 1 myser myser 16K Oct 3 2017 wp-settings.php -rw-r--r-- 1 myser myser 30K Apr 29 2018 wp-signup.php -rw-r--r-- 1 myser myser 4.6K Oct 23 2017 wp-trackback.php -rw-r--r-- 1 myser myser 3.0K Aug 31 2016 xmlrpc.php0 -
Hi, Thanks for the reply. I believe we have the handler set to: suphp 0 -
Hi @MattGarner Files should not be set to 755 with suPHP it would cause a lot of issues. Can you confirm whether or not you're running suPHP? You can check the PHP handler for the version of PHP your site is using at WHM>>Software>>MultPHP Manager -> Handlers. Thanks! 0 -
Hi @MattGarner Files should not be set to 755 with suPHP it would cause a lot of issues. Can you confirm whether or not you're running suPHP? You can check the PHP handler for the version of PHP your site is using at WHM>>Software>>MultPHP Manager -> Handlers. Thanks!
Hi Lauren, I've just looked at the PHP handlers page and all of them have suphp as the PHP Handler. We do have CloudLinuxOS installed - Not sure if that changes anything. I've just installed Wordpress on a test domain just to make sure a client didn't do anything on their side and it's done the exact same thing where a lot of files have -rwxr-xr-x set on permissions and when you look at the files via SSH they have green names and * at the end to show they are executable.0 -
Hi @MattGarner What do you get when you run the following: grep umask /etc/bashrc /etc/profile0 -
Hi @MattGarner What do you get when you run the following:
grep umask /etc/bashrc /etc/profile
I get the following:/etc/profile:# By default, we want umask to get set. This sets it for login shell /etc/profile: umask 002 /etc/profile: umask 0220 -
Hi @MattGarner The user umask settings seem normal for shell. What about for the user specifically. If you access shell as the user (or su to the user) Just run umask
this should come back as 0020 -
Hi @MattGarner The user umask settings seem normal for shell. What about for the user specifically. If you access shell as the user (or su to the user) Just run
umask
this should come back as 002
Comes back as: 00220 -
Hi @MattGarner That is incorrect for the cPanel user. This thread might be helpful: Cloudlinux/CageFS may also be a factor here as well. If you purchased your CL license through us please feel free to open a ticket with us using the link in my signature, so we can take a closer look. If your CloudLinux License is through them or another reseller you can contact their support here: Thanks! 0 -
Hello, I found that it appears you've opened ticket ID 10885501. I'm following this ticket and I'll update this thread with any further information as it becomes available. Thanks! 0
Please sign in to leave a comment.
Comments
10 comments