[CDBUG-talk] FTP user for Wordpress Management
freebsd at fongaboo.com
Fri Aug 12 12:44:36 EDT 2016
Wanted to bounce this off you guys...
I run a FAMP colo box that has a bunch of Wordpress sites on it at this
point. Depending on users to keep Wordpress and plugins up to date hasn't
proved too successful.
So we want to run a plugin called InfiniteWP that lets us centrally
administrate all WP sites. However it requires that FTP credentials be
stored in each site's config PHP, so that brings with it its own security
Since all relevant Wordpress files have to be owned by the www group and
perm'ed 775, I thought it would be good to make one UNIX user that has
just the abilities needed by the plugin and join it to the www group. Then
I'd put those credentials in every WP config file and perm them 640.
First, I am wondering if this is a good idea, or is it still better to do
different credentials per config file.
Second, if it is a good idea, I am wondering how to make a user that can
1) FTP and FTP only and 2) can see outside chroot.
On #1, I could swear I used to make FTP-only accounts just by setting
shell to nologin, but then even FTP login failed.
On #2, is the only way to do this to add the user to the wheel group?
Which is kind of scary, amirite?
P.S. I am running ProFTPd if that matters
P.P.S. When are we gonna get back together?
More information about the CDBUG-talk