[CDBUG-talk] FTP user for Wordpress Management

Patrick Muldoon doon at inoc.net
Fri Aug 12 13:03:01 EDT 2016


Wait, you are running shared PHP sites without something like mod_ruid2 to force PHP to run as the user? That might be the first thing I would look into.

As for meeting, our new office space is pretty nice and easy to get to. Just let me know and we can set something up.

-----------------
Patrick Muldoon

Typed with my thumbs on a mobile device please excuse any errors. 

> On Aug 12, 2016, at 12:44 PM, Fongaboo <freebsd at fongaboo.com> wrote:
> 
> 
> Wanted to bounce this off you guys...
> 
> I run a FAMP colo box that has a bunch of WordPress sites on it at this point. Depending on users to keep WordPress and plugins up to date hasn't proved too successful.
> 
> So we want to run a plugin called InfiniteWP that lets us centrally administrate all WP sites. However it requires that FTP credentials be stored in each site's config PHP, so that brings with it its own security concerns.
> 
> Since all relevant WordPress files have to be owned by the www group and perm'ed 775, I thought it would be good to make one UNIX user that has just the abilities needed by the plugin and join it to the www group. Then I'd put those credentials in every WP config file and perm them 640.
> 
> First, I am wondering if this is a good idea, or is it still better to do different credentials per config file.
> 
> Second, if it is a good idea, I am wondering how to make a user that can 1) FTP and FTP only and 2) can see outside chroot.
> 
> On #1, I could swear I used to make FTP-only accounts just by setting shell to nologin, but then even FTP login failed.
> 
> On #2, is the only way to do this to add the user to the wheel group? Which is kind of scary, amirite?
> 
> 
> P.S. I am running ProFTPd if that matters
> 
> P.P.S. When are we gonna get back together?
> 
> _______________________________________________
> CDBUG-talk mailing list
> CDBUG-talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/cdbug-talk
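
The thread's plan is to store FTP credentials in every site's wp-config.php and set each file to 640. The following is an added example, not code from either poster: a small audit that walks a web root and reports any wp-config.php that holds FTP credentials but is readable outside owner and group. It assumes the credentials appear as WordPress's FTP_USER / FTP_PASS / FTP_HOST constants; the sample tree, the account name wpupdate and the password are constructed.

```python
import os
import re
import stat
import tempfile

# Assumption: credentials are stored as WordPress FTP_* constants in wp-config.php.
FTP_CONST = re.compile(r"""define\(\s*['"](FTP_(?:USER|PASS|HOST))['"]""")

def audit_wp_configs(root, expected_gid=None):
    """Return [(path, [problem, ...])] for each risky wp-config.php under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "wp-config.php" not in files:
            continue
        path = os.path.join(dirpath, "wp-config.php")
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        with open(path, encoding="utf-8", errors="replace") as fh:
            consts = sorted(set(FTP_CONST.findall(fh.read())))
        problems = []
        # Any "other" permission bit exposes the stored credentials to every local user.
        if consts and mode & stat.S_IRWXO:
            problems.append(f"stores {','.join(consts)} but is readable by others (mode {mode:o})")
        # 640 means the group may read but not rewrite the config.
        if mode & stat.S_IWGRP:
            problems.append(f"group-writable (mode {mode:o}); 640 was the goal")
        if expected_gid is not None and st.st_gid != expected_gid:
            problems.append(f"gid {st.st_gid} is not the expected web group {expected_gid}")
        if problems:
            findings.append((path, problems))
    return findings

def demo_tree_findings():
    # Constructed sample tree: site-a is 640, site-b was left at 644.
    with tempfile.TemporaryDirectory() as root:
        for site, mode in (("site-a", 0o640), ("site-b", 0o644)):
            os.makedirs(os.path.join(root, site))
            cfg = os.path.join(root, site, "wp-config.php")
            with open(cfg, "w") as fh:
                fh.write("<?php\ndefine('FTP_USER', 'wpupdate');\n"
                         "define('FTP_PASS', 'example-only');\n")
            os.chmod(cfg, mode)
        return [(os.path.relpath(p, root), probs) for p, probs in audit_wp_configs(root)]

if __name__ == "__main__":
    for path, probs in demo_tree_findings():
        print(path, "->", "; ".join(probs))
```

Pass the numeric gid of the www group as expected_gid to also catch configs that ended up in the wrong group.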


