Wordpress Linux文件权限和组 [英] Wordpress Linux file permissions and group

问题描述

我有一个Linux服务器(Debian 7)，其中有许多需要Wordpress的用户.当我创建用户时，他们应该属于哪个组?今天，我将它们分配给www-data. 然后他们通过SFTP下载Wordpress并运行安装.

I have a Linux server (Debian 7) with lots of users who needs Wordpress. When I create the users what group should they be in? Today I assign them to www-data. Then they download Wordpress by SFTP and runs the installation.

文件应具有哪些文件权限和用户/组，特别是wp-config.php?

Which file permissions and user/group should their files have, specially wp-config.php?

现在，用户可以从终端上窥视对方wp-config.php并读取密码.不太好.

Now, users can peek in eachothers wp-config.php from the terminal and read the password. Not very good.

由于用户不是root用户，因此无法更改文件权限/wp-config.php的所有者，这将解决我的问题.

Since the users aren't root they cant change file permissions/owner of wp-config.php which would solve my problem.

推荐答案

您可以使用Mike Conigliaro的此脚本来正确设置所有wordpress文件的权限.

You can use this script by Mike Conigliaro for for setting permissions correctly on all wordpress files.

WP_OWNER=changeme # <-- wordpress owner
WP_GROUP=changeme # <-- wordpress group
WP_ROOT=/home/changeme # <-- wordpress root directory
WS_GROUP=changeme # <-- webserver group

# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess

# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;

这篇关于Wordpress Linux文件权限和组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！