On 02/12/2017 at 14:19, Leon Fauster wrote:
> I would build an rpm package of wordpress (everything can be defined
> there like permissions etc)

The initial question was: WHAT permissions?

> and disabling the automatic update
> function in wordpress. Build once it can be installed on all (two
> dozen) webservers automagically (local yum repository) ... externe

That would mean one package per Wordpress, since I don't have only one
Wordpress installation per server. Not a solution.

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32

You could write a script to open the permissions, apply updates using
something like http://wp-cli.org/, then close the permissions again. Run
it through cron so you get updates in a timely manner.

~ Brian Mathis
@orev

On Sat, Dec 2, 2017 at 8:27 AM, Nicolas Kovacs <info at microlinux.fr> wrote:
> On 02/12/2017 at 14:19, Leon Fauster wrote:
> > I would build an rpm package of wordpress (everything can be defined
> > there like permissions etc)
>
> The initial question was: WHAT permissions?
>
> > and disabling the automatic update
> > function in wordpress. Build once it can be installed on all (two
> > dozen) webservers automagically (local yum repository) ... externe
>
> That would mean one package per Wordpress, since I don't have only one
> Wordpress installation per server. Not a solution.
>
> Niki

On 02.12.2017 at 14:27, Nicolas Kovacs <info at microlinux.fr> wrote:
>
> On 02/12/2017 at 14:19, Leon Fauster wrote:
>> I would build an rpm package of wordpress (everything can be defined
>> there like permissions etc)
>
> The initial question was: WHAT permissions?

The application design should have considered security best practices.
I do not know WP but check their sites. So, following the "need to write"
requirement, it's a good decision (yours) to allow only the minimum.
"Normally" such space should be outside of the "document root" of the
hosting.

>> and disabling the automatic update
>> function in wordpress. Build once it can be installed on all (two
>> dozen) webservers automagically (local yum repository) ... externe
>
> That would mean one package per Wordpress, since I don't have only one
> Wordpress installation per server. Not a solution.

All installations should have the same base (normally the latest WP
release) - so, to be clear one package for all. This has nothing to do
with different content or themes.

In other words, if security is your focus then the process is the target
of your effort.

It's just my suggestion ...

--
LF

On 02/12/2017 at 16:25, Brian Mathis wrote:
> You could write a script to open the permissions, apply updates using
> something like http://wp-cli.org/, then close the permissions again. Run
> it through cron so you get updates in a timely manner.

This is EXACTLY what I've been looking for. I've spent a few hours
experimenting with wp-cli, and the big advantage is you are supposed to
run it as the user owning the web content, so no need to fiddle with
permissions, even temporarily.

I'm currently writing a detailed blog post about this, since it looks
like this makes my life much easier.

Thanks very much!

Cheers from the sunny South of France,

Niki

On 02/12/2017 at 16:25, Brian Mathis wrote:
> You could write a script to open the permissions, apply updates using
> something like http://wp-cli.org/, then close the permissions again. Run
> it through cron so you get updates in a timely manner.

Here's a little script I wrote to automatically update Wordpress core,
extensions and themes. Works perfectly. I'll run it manually for a few
days, then I guess I'll define a cronjob for it.

--8<-------------------------------------------------------------
#!/bin/bash
#
# wordpress-update.sh
#
# Automatic update of all Wordpress installations
#
# (c) Nicolas Kovacs <info at microlinux.fr>

# WP-CLI must be installed
WP='/usr/local/bin/wp'

# Apache
HTUSER='apache'
HTGROUP='apache'

# Regular user
WPUSER='microlinux'
WPGROUP='microlinux'

# Web server root
WPROOT='/var/www'

# Identify the Wordpress installations
# (relies on word splitting: paths containing spaces are not supported)
WPDIRS=$(dirname $(cd "$WPROOT" && find . -type f -name 'wp-config.php'))

for WPDIR in $WPDIRS; do
  # Stop if the web root is missing, so that the recursive chown below
  # never runs relative to some other working directory
  cd "$WPROOT" || exit 1
  # Set the correct permissions
  chown -R "$WPUSER:$WPGROUP" "$WPDIR"
  find "$WPDIR" -type d -exec chmod 0755 {} \;
  find "$WPDIR" -type f -exec chmod 0664 {} \;
  chown -R "$WPUSER:$HTGROUP" "$WPDIR/wp-content"
  find "$WPDIR/wp-content" -type d -exec chmod 0775 {} \;
  find "$WPDIR/wp-content" -type f -exec chmod 0664 {} \;
  cd "$WPDIR" || continue
  # Update the Wordpress core
  su -c "$WP core update" "$WPUSER"
  # Update the plugins
  su -c "$WP plugin update --all" "$WPUSER"
  # Update the themes
  su -c "$WP theme update --all" "$WPUSER"
done

exit 0
--8<-------------------------------------------------------------

Cheers,

Niki

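
Added example, not part of the thread or of Niki's script: a read-only check that a WordPress tree still matches the permission model wordpress-update.sh sets (nothing outside wp-content writable by the web server group or by "other"; inside wp-content, group write but no world write). The function name audit_wp_perms, its two arguments and the sample path in the comment are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example, not from the thread: audit a WordPress tree against the
# permission model set by wordpress-update.sh.
# audit_wp_perms and its arguments are names assumed for this sketch.
#
# Model being checked:
#   - outside wp-content: not writable by the web server group or by "other"
#   - inside wp-content:  group write is expected, world write is not

# Usage: audit_wp_perms WPDIR HTGROUP
# Prints one line per violation. Returns 0 if clean, 1 if violations were
# found, 2 if WPDIR does not look like a WordPress installation.
audit_wp_perms() {
  local wpdir="${1%/}" htgroup="$2" findings

  if [ ! -f "$wpdir/wp-config.php" ]; then
    echo "not a WordPress installation: $wpdir" >&2
    return 2
  fi

  # Symlinks are skipped: their own mode bits say nothing about access.
  findings=$(
    find "$wpdir" -path "$wpdir/wp-content" -prune -o \
      ! -type l \( -perm -0002 -o \( -group "$htgroup" -perm -0020 \) \) \
      -print | sed 's/^/web-writable outside wp-content: /'
    if [ -d "$wpdir/wp-content" ]; then
      find "$wpdir/wp-content" ! -type l -perm -0002 -print |
        sed 's/^/world-writable inside wp-content: /'
    fi
  )

  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Run against one installation when called with arguments, e.g.
#   ./audit-wp-perms.sh /var/www/example apache   (hypothetical path)
[ $# -lt 2 ] || audit_wp_perms "$1" "$2"
```

Run after the update job, a non-zero exit status is a signal that something changed ownership or mode outside the expected places.
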
On 02/12/2017 at 16:25, Brian Mathis wrote:
> You could write a script to open the permissions, apply updates using
> something like http://wp-cli.org/, then close the permissions again. Run
> it through cron so you get updates in a timely manner.

I just published a detailed blog post about upgrading Wordpress using
WP-CLI.

https://blog.microlinux.fr/wp-cli/

Problem solved. Thanks again.

Cheers,

Niki