Web App (e.g. WordPress) folder permissions and ownership

Zzz · June 22, 2021, 3:37pm

For a new WordPress install hosted on ApisCP, when attempting to crop an image via the WordPress dashboard it produces an error due to it not being able to write to the /wp-content/uploads/* directories. The ownership for those directories is admin-xxx rather than apache. In either case, whether the directories are owned by apache or admin-xxx, the WordPress dashboard is still not able to write to these directories.

I am able to solve the problem by recursively adding write permissions for group:

How can I best solve this issue permission/ownership issue?
Which user actually owns the application?
Is it better to do this via the Terminal versus the ApisCP dashboard forms? I noticed that setting permissions on folders recursively only applies the change one level deep (the folder it directly applies to and the folders nested at the first level).

Thank you.

Zzz · June 22, 2021, 4:01pm

Update: I just noticed the extensive documentation already provided in ApisCP about permissions. I think this may have the answer to one part of my problem: Permissions overview | ApisCP Knowledge Base.

Another part of the problem still exists - that by selecting to change the permissions recursively, only folders that are nested one level deep get changed.

msaladna · June 22, 2021, 4:14pm

Go to Web > Web Apps. Change Fortification > Fortify. It’ll open up write access to wp-content/uploads among other directories.

Fortification is part of principle of least-privilege subsystem PHP apps run to reduce the threat of hacks. You can disable this and make the account behave like any other cPanel/Plesk account by changing the pool owner to same-user via Web > PHP Pools. It’s best to use Fortification when possible.

Zzz · June 22, 2021, 4:15pm

So helpful, thank you

eujian · October 6, 2021, 10:35pm

Nice… was looking for this issue as well