Azure / wordpress-linux-appservice

MIT License

Permissions on files and folders #80

Closed aaw0 closed 1 year ago

aaw0 commented 1 year ago

Hi,

It seems that the default values for permissions are not suitable for production; the folders wp-admin, wp-content, wp-includes are all 777.

total 240
drwxrwxrwx  2 nginx nginx  4096 May 12 06:34 conf
-rw-r--r--  1 nginx nginx   405 May 11 12:10 index.php
-rw-r--r--  1 nginx nginx 19915 May 12 04:24 license.txt
-rw-r--r--  1 nginx nginx     0 May 12 04:23 nginx.conf
-rw-r--r--  1 nginx nginx  7402 May 12 04:24 readme.html
-rw-r--r--  1 nginx nginx  7205 May 11 12:10 wp-activate.php
drwxrwxrwx  9 nginx nginx  4096 May 11 12:10 wp-admin
-rw-r--r--  1 nginx nginx   351 May 11 12:10 wp-blog-header.php
-rwxrwxrwx  1 nginx nginx  2338 May 11 12:10 wp-comments-post.php
-rw-r--r--  1 nginx nginx  3013 May 12 04:24 wp-config-sample.php
-rw-rw----  1 nginx nginx  5029 May 12 11:08 wp-config.php
drwxrwxrwx  8 nginx nginx  4096 May 12 12:21 wp-content
-rwxrwxrwx  1 nginx nginx  5536 May 12 04:24 wp-cron.php
drwxrwxrwx 28 nginx nginx 12288 May 12 04:24 wp-includes
-rwxrwxrwx  1 nginx nginx  2502 May 12 04:24 wp-links-opml.php
-rwxrwxrwx  1 nginx nginx  3792 May 12 04:24 wp-load.php
-rwxrwxrwx  1 nginx nginx 49330 May 12 04:24 wp-login.php
-rwxrwxrwx  1 nginx nginx  8541 May 12 04:24 wp-mail.php
-rwxrwxrwx  1 nginx nginx 24993 May 12 04:24 wp-settings.php
-rwxrwxrwx  1 nginx nginx 34350 May 11 12:10 wp-signup.php
-rwxrwxrwx  1 nginx nginx  4889 May 12 04:24 wp-trackback.php
-rwxrwxrwx  1 nginx nginx  3238 May 12 04:24 xmlrpc.php

Is there a script that I can run to set the permissions properly? I tried the following script but it did not work, which could be because it is for Ubuntu while the current instance is running on Alpine Linux.

https://gist.github.com/Adirael/3383404

aaw0 commented 1 year ago

UPDATE

I have managed to run the above script, but manually, line by line, as I wanted to know how long each command would take. Below are my results:

# reset to safe defaults
# first one approximately two minutes
find /var/www/wordpress -exec chown nginx:nginx {} \;
# next few seconds
find /var/www/wordpress -type d -exec chmod 755 {} \;
# next took about 3.5 minutes
find /var/www/wordpress -type f -exec chmod 644 {} \;

# allow wordpress to manage wp-config.php (but prevent world access)
chgrp nginx /var/www/wordpress/wp-config.php
chmod 660 /var/www/wordpress/wp-config.php

# allow wordpress to manage wp-content
# next took 2.30 Minutes
find /var/www/wordpress/wp-content -exec chgrp nginx {} \;
# next took 20 seconds
find /var/www/wordpress/wp-content -type d -exec chmod 775 {} \;
# finally, this took 3 minutes
find /var/www/wordpress/wp-content -type f -exec chmod 664 {} \;

But I still wonder if there is an official way of doing this.
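A batched variant of the reset script in the comment above, as an added example that is not part of the original thread or the project's own code: `{} +` hands many paths to each `chmod`/`chown` call instead of spawning one process per file, and `! -perm` skips entries already at the target mode. The function names are assumptions made for illustration, and the modes are the ones used in the comment above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, modes follow the comment above.
# Usage: reset_wp_perms /var/www/wordpress nginx:nginx

# Count entries whose "other" write bit is set (symlinks ignored).
count_world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# fix_mode ROOT TYPE MODE [PRUNE_PATH]
# chmod only entries of TYPE whose mode differs from MODE, batching paths
# with "{} +". PRUNE_PATH (optional) is a subtree to leave untouched.
fix_mode() {
    find "$1" -path "${4:-/nonexistent}" -prune -o \
        -type "$2" ! -perm "$3" -exec chmod "$3" {} +
}

# reset_wp_perms ROOT [OWNER:GROUP]
reset_wp_perms() {
    root=$1
    owner=${2:-}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }

    # Changing ownership needs root; skipped when no owner is given.
    if [ -n "$owner" ]; then
        find "$root" ! -type l -exec chown "$owner" {} +
    fi

    # Safe defaults outside wp-content: directories 755, files 644.
    fix_mode "$root" d 755 "$root/wp-content"
    fix_mode "$root" f 644 "$root/wp-content"

    # wp-config.php: owner and group only, no world access.
    if [ -f "$root/wp-config.php" ]; then
        chmod 660 "$root/wp-config.php"
    fi

    # wp-content stays group-writable so WordPress can manage it.
    if [ -d "$root/wp-content" ]; then
        fix_mode "$root/wp-content" d 775
        fix_mode "$root/wp-content" f 664
    fi
}
```

Calling `count_world_writable` before and after shows whether the modes actually changed on the filesystem in use.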

aaw0 commented 1 year ago

Update -

Unfortunately the problem still persists, because the web app does not persist anything outside the /home directory.

rabollin commented 1 year ago

Hi @aaw0 - App Service uses CIFS drives for the file storage, and it doesn't support permission changes. However, having 777 permissions will not cause any security threats as App Service will not allow you to inject any custom script directly to the file system. If you still want to run the above scripts, one way you can try is using a startup script as described here: https://github.com/Azure/wordpress-linux-appservice/blob/main/WordPress/running_post_startup_scripts.md

rabollin commented 1 year ago

@aaw0 - Do you have any further update on this issue? Do the above instructions help you handle your case? Can I go ahead and close the issue?

rabollin commented 1 year ago

Since I have not heard back for more than a month, I am closing this issue.

aaw0 commented 1 year ago

@rabollin Thank you for the confirmation.

victorlin commented 2 months ago

I found this issue after seeing a warning from W3 Total Cache plugin:

/var/www/wordpress/wp-content is write-able. When finished installing the plugin, change the permissions back to the default: chmod 755 /var/www/wordpress/wp-content. Permissions are currently 777.

and noticing that the permission change did not persist.

Could you document this limitation in one of the sections describing the W3 Total Cache plugin? Since it is enabled by default, many users may be confused by this message.

BlackRider97 commented 1 week ago

You can find more explanation here, and 777 permission is completely acceptable & it's by design. Please feel free to ignore this warning in the W3TC plugin.