Wordpress and Linux geekery needed
Mar. 28th, 2009 05:59 pm
Okay y'all, I need some clues from any of you folks out there who've set up your own Wordpress installs on your own Linux servers.
Here's the sitch: I want to be able to set up a Wordpress blog with ComicPress sitting on top of it for spazzkat to use on our server. What I've been able to do so far is get the base Wordpress install running; this part I've done before and that's okay. We also have ComicPress installed.
However, the complication is this: Wordpress's docs say that anything Wordpress actually needs to write to should be group-writable by whatever user your web server runs under. Only, due to past really bad experience with unscrupulous asshats hacking our server, we really don't want to set any directories or files writable by said web server user.
Which makes things a bit more complicated for running ComicPress, since it seems to expect to be able to upload files every time you want to generate a new comic post. I had thought that if you manually copied a file up into the account space you could then tell ComicPress, "use this file that's already sitting right here, don't upload", only that doesn't seem like it works...? It's confusing, nonetheless.
So does anybody out there have experience with safely and securely configuring Wordpress so that it can do everything it needs to do and so that you don't have to worry about asshats hacking your server? If you do, sing out and let me pick your brains. Thanks in advance!
no subject
Date: 2009-03-29 01:51 am (UTC)
1. Create a usergroup called spazzkat.
2. Make spazzkat and your webadmin part of this group.
3. Change the permissions for /var/www/the_wordpress_blog so that it's owned by your admin as a user but also the group spazzkat.
Spazzkat will now have write access to the directory, but as a nonroot user she cannot mess with the actual system, or the root directory.
Now, WP itself I have the merest experience with; I've set up an installation but not done much with it. I'd suggest WPMU, WordPress MultiUser, which can handle multiple blogs (and with a readily available plugin, multiple domains), and which can take multiple users with varying degrees of ownership. That may in the end be your better bet.
no subject
Date: 2009-03-29 03:28 am (UTC)
There are actually several ways to do this, and I am not sure which would be preferable:
1.) Create a nonroot user called spazzkat; chown /var/www/spazzkat to both user and group spazzkat, but also add yourself (we'll say user anna) to the spazzkat group. That way should you need to make any adjustments, you needn't invoke superuser.
2.) Create a nonroot user called spazzkat. Create a group called spazzkatblog. chown /var/www/spazzkat to yourself (or your admin) as user, and to spazzkatblog as group. Include yourself and spazzkat as members of the group spazzkatblog.
3.) Lies. There is no 3.
I run several sites for an organization and I'm a firm believer in assigning specific subdirectories to nonroot users, with aliases to /var/www/$USER in their home directories. Most of them are editing offline and uploading anyway, so the alias comes in handy when they ftp into the server.
And for G-d's sake please make any users who upload use sftp. On my ubuntu servers I actually run vsftpd (Very Secure FTP), which is paranoid-secure but which must be configured after installation. You want the entire ftp session in a secure shell environment. Encryption is your friend.
no subject
Date: 2009-03-29 03:38 am (UTC)
But I don't think you're quite understanding what I'm asking. I understand the principle of how a group works and how to set it up. What I'm asking though is about groups that specifically involve the user that runs Apache. I'm concerned about making any directory writable by that specific user.
Because if it is, wouldn't that therefore mean that anybody could theoretically take advantage of an Apache vulnerability, or a Wordpress one, to screw something up in that directory?
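An added example, not from the original post or from any of the commenters, that puts the second commenter's option 2 into a script and adds the check the original poster is asking about: it lists everything under the docroot that the web server user could still write to, whether by owning it, through one of its groups, or because it is world-writable. It assumes a Debian-style host where Apache runs as www-data, a docroot of /var/www/spazzkat, an admin account anna, the editor account spazzkat and a shared group spazzkatblog; the account and group names are taken from the thread, the rest are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: docroot
# /var/www/spazzkat, admin anna, editor spazzkat, group spazzkatblog, and
# the web server running as www-data (Debian/Ubuntu default).

# Option 2 from the comment above: the admin owns the tree, the blog group
# can write, and the web server user is in neither, so it only gets read
# access. Needs root, so it only runs when invoked as "apply".
wp_apply_layout() {
    root=$1 admin=$2 editor=$3 grp=$4 webgroup=${5:-www-data}
    getent group "$grp" >/dev/null || groupadd "$grp"
    usermod -a -G "$grp" "$admin"
    usermod -a -G "$grp" "$editor"
    chown -R "$admin:$grp" "$root"
    # directories rwxrwsr-x: setgid so files the editor copies in inherit the group
    find "$root" -type d -exec chmod 2775 {} +
    # files rw-rw-r--
    find "$root" -type f -exec chmod 664 {} +
    # wp-config.php holds the DB password: readable by the web server's own
    # group (it has to be, or the site cannot start), writable only by the admin
    if [ -f "$root/wp-config.php" ]; then
        chown "$admin:$webgroup" "$root/wp-config.php"
        chmod 640 "$root/wp-config.php"
    fi
}

# The check the original poster wants: every path under $root that the
# web server user could write to. Prints nothing when the tree is clean.
wp_audit_web_writable() {
    root=$1 webuser=${2:-www-data}
    {
        # owner write bit on anything the web user owns
        if id "$webuser" >/dev/null 2>&1; then
            find "$root" -user "$webuser" -perm -200
        fi
        # group write bit on anything in one of the web user's groups
        web_groups=$(id -Gn "$webuser" 2>/dev/null || true)
        for g in $web_groups; do
            find "$root" -group "$g" -perm -020
        done
        # world-writable: writable by everyone, the web user included
        find "$root" -perm -002
    } | sort -u
}

# Number of offending paths; 0 means the web server user can write nothing.
wp_count_web_writable() {
    wp_audit_web_writable "$@" | wc -l | tr -d ' '
}

# Usage:  sh wp-perms.sh apply /var/www/spazzkat anna spazzkat spazzkatblog
#         sh wp-perms.sh audit /var/www/spazzkat www-data
case "${1:-}" in
    apply) wp_apply_layout "$2" "$3" "$4" "$5" "$6" ;;
    audit) wp_audit_web_writable "$2" "$3" ;;
esac
```

Run the audit after every plugin or theme install, since installers and tutorials routinely `chmod 777` an uploads directory. The trade-off is the one the thread is circling: with this layout Wordpress itself cannot write, so the ComicPress uploader and any in-browser update will fail by design, and new comics go into wp-content/uploads over sftp as the commenter suggests, picking up the group via the setgid bit.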