I host a number of sites and recently migrated to a new server (both old and new are running Ubuntu 10.04 [I only upgrade my web server when there is a new LTS release]). After the migration, Wordpress is asking for ftp credentials to update plugins, which it never used to do. I'm certain this is user/group/permissions related, but because of the new setup, I'm not sure what these should be set to.
On the previous server, each site was a subdirectory of /var/www/ and everything was owned by www-data. This wasn't the best setup, since it meant my users didn't have direct access to their own sites. In the new setup, each page I host is in /home/username/www/. Consequently, all the files are owned by 'username'.
My guess is that Wordpress' request for ftp credentials stems from a conflict between the apache2 user and the usernames that own the sites. Is this accurate? If so, how do I rectify this?
Okay, beforehand, I want to apologise if my answer is incorrect or beside the point.
I run a private server as well, users need to upload/update their stuff on that server. It runs VSFTPD. So, I have set the conf in such a way that the user (who has an account on the server of course) is chroot/jailed into her/his own folder. The /var/www/ has symlinks to each folder, the rest means you'd have to mount the symlink from the /var/www folder to the user's folder individually. One mount action per user on the server.
That could give you the same ease as before, but the added security. I assume (assume being the scream here) wordpress wants to get tuned in per user...
At any rate, that's how I'd go about it...
Again, luck and apologies if in any chance I posted beside the point...but this challenge was way too interesting to just let it go...
I hadn't thought of that setup, and it might be worth a shot. If it is a permissions problem, though, I'm not sure this will rectify it. While the symlink from /var/www/ to the user's directory itself would have the right permissions, everything past that would still be owned by the user. This would be a quick solution to test though, so I'll give it a try.
Well, I changed the sites-available page for one of my sites to direct connections to the symlink in /var/www/, but no change. Wordpress still asks for ftp credentials when updating plugins. :-/ Any other suggestions?
Okay, so I think I found an acceptable workaround:
Instead of directing apache to a symlink in /var/www, I went a completely different (and actually much-simpler-to-implement) route. I moved the sites back into their respective owners' home directories, but changed the permissions to the following:
This way, apache's user owns the file, so Wordpress doesn't have any problems updating plugins or new Wordpress upgrades, and since the site's directory belongs to the user's individual group and the group has full privileges on the directory (and all the files/subdirectories within it), they can still treat it like their own directory.
This setup appears to work, save for one thing: Wordpress admins can't delete plugins. I'm not sure why that is, but I'm also okay with it for now.
Additionally, I'm not sure that I haven't, by doing it this way, opened up some massive vulnerability without realizing it. Any thoughts?
Last edited by GTBlackwell; 06-19-2011 at 10:36 PM.
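Added example, not part of any post in this thread: WordPress writes files directly only when a file it creates ends up with the same owner as its own PHP files, and otherwise asks for FTP credentials; the flip side is that every file owned by the web server user can be rewritten by any PHP code running for that site. The sketch below audits a docroot for both conditions; the function names and the docroot/user arguments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress docroot against the web server user.
# Function names and arguments are hypothetical, not taken from the thread.

# count_matching DIR FIND-EXPR...  -> number of entries under DIR that match.
# One dot is printed per match and the dots are counted, so file names
# containing newlines cannot skew the result.
count_matching() {
    dir=$1
    shift
    find "$dir" "$@" -exec printf '%.0s.' {} + | wc -c | tr -d ' '
}

# wp_owner_audit DOCROOT WEBUSER
#   WEBUSER is the account PHP runs as (www-data on Ubuntu's apache2),
#   given as a name or a numeric uid.
# Prints three counters and returns 0 only if WEBUSER owns the whole tree,
# which is the state in which WordPress stops asking for FTP credentials.
wp_owner_audit() {
    docroot=$1
    webuser=$2
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }

    # Entries the web server user owns: writable by any PHP code in the site.
    owned=$(count_matching "$docroot" -user "$webuser")
    # Entries owned by someone else: these produce the owner mismatch.
    foreign=$(count_matching "$docroot" ! -user "$webuser")
    # World-writable entries (symlinks excluded, their mode is always 777).
    world=$(count_matching "$docroot" -perm -002 ! -type l)

    echo "owned_by_web=$owned not_owned_by_web=$foreign world_writable=$world"
    [ "$foreign" -eq 0 ]
}

# Stand-alone use: sh audit.sh /home/username/www www-data
if [ "$#" -ge 2 ]; then
    wp_owner_audit "$1" "$2"
fi
```

A large `owned_by_web` count is the price of the workaround in the last post: a compromised plugin can modify everything it counts, so a common compromise is to leave only `wp-content` owned by the web server user.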