2. Algorithm
  3. directory - local folder permissions vs chown -- security considerations

directory - local folder permissions vs chown -- security considerations

admin2025-06-02  1

I was trying to install a plugin, and I kept getting the following error:

Unpacking the package…
Could not create directory.

I'm on Localhost on a XAMPP stack on Mac OS X Yosemite.

The way I solved this was by changing the wp-content folder's permissions in Finder, so that everyone could write to not only the folder but also to all enclosed items.

Per the image below, I right clicked on (1), then changed (2) to "Read & Write" and then chose "apply to enclosed items" in (3).

The proper way to solve this would have been to give the correct user write permission to the wp-content folder by using the chown command.

I didn't use the chown command because (1) I'm still learning how to use it, and (2) it's not clear to me which user is supposed to be given permission to... whether it's the apache user or the ftp user (I'll figure it out eventually).

My question is, if I were to migrate this wordpress site to an online domain based on an Ubuntu server, what are the security implications of my having given everyone write access to this folder and how should I deal with them?

I was trying to install a plugin, and I kept getting the following error:

Unpacking the package…
Could not create directory.

I'm on Localhost on a XAMPP stack on Mac OS X Yosemite.

The way I solved this was by changing the wp-content folder's permissions in Finder, so that everyone could write to not only the folder but also to all enclosed items.

Per the image below, I right clicked on (1), then changed (2) to "Read & Write" and then chose "apply to enclosed items" in (3).

The proper way to solve this would have been to give the correct user write permission to the wp-content folder by using the chown command.

I didn't use the chown command because (1) I'm still learning how to use it, and (2) it's not clear to me which user is supposed to be given permission to... whether it's the apache user or the ftp user (I'll figure it out eventually).

My question is, if I were to migrate this wordpress site to an online domain based on an Ubuntu server, what are the security implications of my having given everyone write access to this folder and how should I deal with them?

  • directory
  • permissions
Share Improve this question edited Mar 1, 2015 at 16:58 thanks_in_advance asked Feb 28, 2015 at 22:36 thanks_in_advancethanks_in_advance 1337 bronze badges
Add a comment  | 

2 Answers 2

Reset to default 2

Wp-content contains plugins and themes. So, if I can read and write into those files, I could add malicious code very easily. This malicious code can then do interesting things. You are basically inviting a lot of trouble.

As for not understanding permissions:

http://www.thegeekstuff/2010/04/unix-file-and-directory-permissions/

http://codex.wordpress/Changing_File_Permissions

I followed several links that suggested to:

  1. Get ownership of wp-content folder: sudo chown -R <usernam> wp-content
  2. Set the correct uploads folder through the wp-content/option.php file: sudo nano wp-admin/options.php
  3. Own the Plugins folder: sudo chown www-data:www-data plugins -R
  4. Own the wp-content folder: sudo chown www-data:www-data wp-content -R
  5. Change uploads folder permissions: sudo chmod 755 -R uploads
  6. Change plugins folder permissions: sudo chmod 755 -R plugins

Even though all of them make sense, nothing worked. What worked for me was a much more simple solution.

sudo nautilus

and then i changed folder permissions thorough the GUI.

It actually does exactly the same as above, but succeeds.

转载请注明原文地址:http://conceptsofalgorithm.com/Algorithm/1748851543a314252.html

directorylocal folder permissions vs chownsecurity considerations

最新回复(0)