Problem with permissions of Wordpress uploads and suPHP

E

elbarto

Verified User
Joined
Oct 8, 2008
Messages
133
I'm having this problem in a couple of servers I recently migrated to suPHP and I can't find the answer anywhere.

When Wordpress uploads a file to the uploads/ folder it stores it with 0600 permissions. Since the owner of the file is a Directadmin user (let's say "john"), Apache can't read it.

Does anyone know how to prevent this? It's very uncomfortable for all my clients who use Wordpress, because currently they need to change the permissions of the files they upload manually to 644.

I'm guessing, since I'm not the first one using suPHP on a web hosting server, there must already be a fix for this.

Somewhere I read that on suPHP's config I should have:

Code: 
umask=0022

That's the default that Custombuild set when I installed suPHP, so that's not the problem.

Any ideas?

Thanks!
 
Why does apache have to read it? The file should be owned by the user and the php scripts trying to read it should be the user too.

Do you have errors in your http or suphp logs?
 
Because when you upload an image, Apache needs to read it if you want it to show it.
 
Well, the error is that Apache hasn't permission to read the image (or whatever type of file).

Example:
Code: 
[Fri Jun 03 13:34:51 2011] [error] [client 190.17.233.159] (13)Permission denied: file permissions deny server access: /home/myuser/domains/domain.com/public_html/wp-content/uploads/headbox2011.png, referer: http://www.domain.com/
 
Something with your suphp doesnt seem right then.

Does this happen with only png files?
 
It happens with all files that are uploaded by Wordpress. I don't think there's anything strange from my suphp configuration, but here's my suphp.conf:

Code: 
[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=warn

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false

; Normally suPHP only displays the PHP binary in process lists (ps aux).
; Setting this option to 'true' will cause suPHP to display both the
; PHP binary and the script filename.
;full_php_process_display=true

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=false

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path="/bin:/usr/bin"

;Umask to set, specify in octal notation
umask=0022

;Minimum UID
min_uid=100

;Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-php5="php:/usr/local/php5/bin/php-cgi"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
 
I host over 800 wordpress sites on my servers and have no problems at all.

I just went and tested a fresh wordpress install and I have no problems uploading any media through wordpress.

You should try reinstalling wordpress.

cd /usr/local/directadmin/custombuild
./build update
./build clean
./build suphp n
./build php n
./build rewrite_confs

Other then that you might want to check that all the folder permissions are correct and owned by the user only.

If you still cant figure it out you might want to find "smtalk" on the forum here and private message him to take a look.

You could also have directadmin support look at it if you want.

Your suphp config is the same as mine and I am having no issues like this.
 
Why are images processed by suPHP anyway? suPHP should only run PHP files, it should not process other files at all, in normal situations. Have you made changes to users httpd.conf or .htaccess perhaps?
 
Hi, I'm getting back to this issue. I haven't been able to solve it.
I did what scsi sugested but it didn't help.

I don't know if it has anything to do, but I have compiled suphp with:
Code: 
--with-setid-mode=owner
.

Answering to getUP, images get processed by suPHP because they are uploaded by Wordpress. So PHP creates the image file on the filesystem, but it creates them with 0600 permissions, and then when Apache wants to read them, it fails because Apache doesn't own the image file.
 
elbarto said:
Hi, I'm getting back to this issue. I haven't been able to solve it.
I did what scsi sugested but it didn't help.

I don't know if it has anything to do, but I have compiled suphp with:
Code: 
--with-setid-mode=owner
.

Answering to getUP, images get processed by suPHP because they are uploaded by Wordpress. So PHP creates the image file on the filesystem, but it creates them with 0600 permissions, and then when Apache wants to read them, it fails because Apache doesn't own the image file.
Click to expand...

Have you enabled and configured Secure Access Group?
 
I haven't tried, I didn't know of that feature, but I'm not sure if it would help, since the files are being created with 0600 permissions... the group doesn't have any permissions for anything
 
elbarto said:
I haven't tried, I didn't know of that feature, but I'm not sure if it would help, since the files are being created with 0600 permissions... the group doesn't have any permissions for anything
Click to expand...

It is recommended you configure this solution. If Apache can't read the files, as stated in your first post, then giving it exclusive permission to do so through the Secure Access Group method will more than likely help. Aside your current issue, it'll add another layer of protection on your server.

Also, go ahead and reset your directory permissions to 755. This fixed my issues a few days ago when I switched over from CLI to CGI+suPHP.

Code: 
find /home/*/domains/*/public_html -type d -exec chmod 0755 {} \; -print
find /home/*/domains/*/private_html -type d -exec chmod 0755 {} \; -print
 
You must log in or register to reply here.
Back
Top