Question

Wordpress Update / HTML Root Permissions

I’m having a strange issue, wordpress is installed on CentOS 7, PHP-FPM, NGNIX. All seems to work fine, wordpress works, I can install plugins, and uload images etc… But when i try to update wordpress it peompts for FTP details, as it says files are not writable. In the health check plugin i see, The main WordPress directory Not writable The wp-content directory Writable The uploads directory Writable The plugins directory Writable The themes directory Writable

All Folders have the owner nginx, and all folder / file permsisions are correct. PHP / Nginx runs as the user nginx.

I’m guessing it’s a permission issue somewhere, but i just can’t see it. Even setting all folders to 777 has the same issue.

Has anyone any ideas?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Turns out it was SELinux causing the issue (See Below)

I simple ran the following two commands which fixed the issue. I’m not sure of the implications of this, so hopefully I’ve not opened up any security holes. But Wordpress now auto update, so I’m happy.

ausearch -c ‘php-fpm’ --raw | audit2allow -M my-phpfpm semodule -i my-phpfpm.pp

Log File

SELinux is preventing /usr/sbin/php-fpm from using the execmem access on a process.

***** Plugin catchall_boolean (89.3 confidence) suggests ******************

If you want to allow httpd to execmem Then you must tell SELinux about this by enabling the ‘httpd_execmem’ boolean.

Do setsebool -P httpd_execmem 1

***** Plugin catchall (11.6 confidence) suggests **************************

If you believe that php-fpm should be allowed execmem access on processes labeled httpd_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: ausearch -c ‘php-fpm’ --raw | audit2allow -M my-phpfpm semodule -i my-phpfpm.pp

Hi,

I’ve tried the above, but it still have the same issue. I decuded to spin up a new server, to do a fresh install on everything, but once again wordpress doesn’t think it can write to the root directory.

I can upload files / plugins through wordpress, so PHP must be working OK. I tried uploading a simple PHP file upload script, which worked so once again PHP and permissions look correct.

Its a really strange one, So if you have any other ideas, that would be great.

Thanks,

I have run into this situation on a few occasions. Most likely NGINX, PHP-FPM, and the FS Permissions are not quite correct.

For example NGINX is running under NGINX, Your site is located /var/www owned by root:root, and PHP is running as www-data. Even when you change the FS ownership there is still a conflict.

The solution I have found is to run Wordpress in its own user account.

For example lets say I have a wordpress site example.com. I would create a user example. In the user’s home directory I create my webroot - /home/example/public_html - and install wordpress here.

Then under /etc/php7/fpm/pool.d/ I create a file example.conf with the following settings

[example]
user = example
group = example
listen = /var/run/php7.0-fpm-example.sock
listen.owner = nginx
listen.group = nginx
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

Then you will need to update your NGINX config and the fastcgi_pass directive

...
fastcgi_pass unix:/var/run/php7.0-fpm-example.sock;
...

You can find more information here : https://www.digitalocean.com/community/tutorials/how-to-host-multiple-websites-securely-with-nginx-and-php-fpm-on-ubuntu-14-04 It is for Ubuntu, however the gist of it all will be the same.