IT Nursery
  • 1010 Avenue of the Moon
    New York, NY 10018 US.
  • Mon - Sat 8.00 - 18.00
    Sunday: Closed
  • Get A Quote
  • WordPress

    • Safe to set permissions to 757 temporarily to update via wp-cli?

    • IT Nursery
    • May 23, 2022
    • 0

    LEMP stack on digitalocean VPS.

    I haven’t been able to get “wp core update” to work unless public (or “Other”) has execute permission, i.e. 757 or 777.

    Otherwise, it throws “Error: Could not create directory” every time.

    I checked that the user who owns the wordpress install is the same user running “wp core update”

    Things I’ve attempted so far are setting permissions to 775, chown www-data:www-data, moving the wp-cli file.

    I have multiple websites running on this droplet/server, and each experience the same problem.

    So, let’s say I set a cronjob to set permissions to 757, update, and set back to 755 directories 644 files 660 wp-config.php

    Is that relatively safe to do? Would I be putting my clients’ sites in considerably jeopardy doing this?

    1 Answer
    1

    I think setting a cron job to automatically turn permissions on and off might be a bit of an extreme workround 🙂 I think it is probably worth spending the time to set up working permissions on your server, rather than a cron job which could introduce other problems.

    This has been a good resource for me – https://codex.wordpress.org/Hardening_WordPress.

    This has also been a great resource for me –
    https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04

    These are the steps I have used to allow automatic / wp-cli updates of WordPress and plugins on an Ubuntu droplet with NGINX as the web server.

    1. Set the recommended file and folder permissions:

      750 for Directories
640 for Files
except for wp-config.php, this should be 440.

      To do this for directories:

      find /srv/www/your-site/ -type d -exec chmod 750 {} \;

      and files:

      find /srv/www/your-site/ -type f -exec chmod 640 {} \;

      and wp-config.php:

      sudo chmod 440 your-site/wp-config.php

    2. Set the owner and group to web:www-data where web is a non-root user with sudo user permissions.

      sudo chown -R web:www-data /srv/www/your-site

      This command will give you more information of what user / group NGINX is running under:

      ps -eo pid,comm,euser,supgrp | grep nginx

      https://superuser.com/questions/398833/how-to-determine-the-user-and-group-of-a-deamon-in-ubuntu

      The group is www-data in my case.

    3. Set setgid bit so that all new files inherit the group of the parent directory.

      sudo find /srv/www/your-site -type d -exec chmod g+s {} \;

    4. Give the group write access to the wp-content directory.

       sudo chmod g+w /srv/www/your-site/wp-content

    5. Give the group write access to the plugins, themes and uploads directories.

      sudo chmod -R g+w /srv/www/your-site/wp-content/themes
sudo chmod -R g+w /srv/www/your-site/wp-content/plugins
sudo chmod -R g+w /srv/www/your-site/wp-content/uploads

    6. Make sure you are running the core update command as the owner in step 2 if necessary switching to that user first.

      su web
wp core update
    Tags:

    Leave a Reply

    Your email address will not be published. Required fields are marked *