Jul 04
How to Get Wordpress Working Under PHP safe_mode on NearlyFreeSpeech.net
NearlyFreeSpeech.net does not get along well with a brand-new Wordpress installation. The Wordpress installation will do stuff like this:
- Refuse to upload a file, with an error message like this:
“Unable to create directory [blah blah blah]. Is its parent directory writable by the server?”
- Refuse to allow you to edit a theme or plugin file, with the message:
“If this file were writable you could edit it.”
- When you try to change your permalink structure, or to set “Organize my uploads into month- and year-based folders” to “on,” give you these messages:
“You should update your .htaccess now.”
“If your .htaccess file were writable, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your .htaccess file. Click in the field and press CTRL + a to select all.”
This stuff happens because NearlyFreeSpeech has PHP safe_mode turned on, which limits what PHP scripts can do. Specifically, under NearlyFreeSpeech’s setup of safe_mode, a PHP script cannot edit a file or folder that does not have the same “group” as it does. Also, PHP scripts that are going to be writing files must be part of the “web” group. (See their blog post going into more detail about this here, and the safe_mode documentation here.)
(Ironically, though safe_mode does this to protect users from attack, the actual effect is often to weaken security, as confused Wordpress/Mambo/Gallery/etc users change their file permissions to “777” trying to fix broken features, opening themselves up to attacks to which they wouldn’t have been vulnerable before.
(Oh, and if you’re on another host and reading this, and want to figure out if your host has safe_mode enabled, make a file in your hosting account named somethingorother.php and containing this text, then open it in your browser.))
So, for Wordpress to work right on NearlyFreeSpeech, the main Wordpress directory and everything in it need to be part of group “web.” The reason the fresh Wordpress install doesn’t work, is that by default, everything you upload is part of group “me.” To make it work right, you need to change that.
To do this, you’re going to need to get into the shell and do some command-line stuff. And, uhh, if you have no idea what that sentence means (and it’s kind of a wussy sentence), please consider backing away from this guide and going to tech support. I seriously cannot take responsibility for bad stuff that might happen to your website if you do this blind.
(Also, please keep in mind that I’m working from NearlyFreeSpeech’s server conditions as of this particular moment in time - they may have changed stuff by the time you read this.)
Still here? Okay. The rest of this tutorial assumes that,
1) You have WordPress installed already, and you know what directory it’s in.
2) You know how to use an FTP client.
Okay. Here’s what you do:
1)
Download Putty.
2)
Download and install the FTP client FileZilla. You won’t actually be using it to do much, but it makes it much easier to see what Putty’s doing.
It doesn’t absolutely have to be FileZilla - if you’ve got another FTP client installed, and it can do SFTP and can show you a file’s permissions, owner, and group, then that’s fine.
3)
Open Putty. There’ll be a box that says “Host Name (or IP address).” Into that box, paste “ssh.phx.nearlyfreespeech.net”. This is NearlyFreeSpeech’s SSH Hostname.
4)
Hit the “Open” button. The first time you do this, you will see a very scary-looking dialog box, saying something like “The server’s host key is not cached in the registry. Indescribably horrible things will happen to you if you click ‘Yes’ down there. My brother died that way.” It’s probably fine, hit “Yes.”
5)
A terrifying terminal window will appear, black as a moonless night. It will say “login as:” Type in your username. This is the same as your FTP username, and can be found on your “Site Information” page.
6)
It’ll ask you for your password. Type that in.
7)
Open FileZilla and log into your account using SFTP. You do that exactly the same way you log in using normal FTP, except that you put “ssh.phx.nearlyfreespeech.net” in the “Host” box instead of “ftp.phx.nearlyfreespeech.net,” and select “SFTP” instead of “FTP” in the “Servertype” box.
The first time you do this, there should be a dialog box asking if you’re sure you want to go through with this and talking about bad guys coming to get you, but you can just ignore it. They’re probably very small bad guys.
When you’re logged in, navigate to the directory Wordpress is installed in and look at your file permissions and owner/group columns. Go into a few subdirectories and check them out, too.
In all likelihood, your owner/group column says “me me” all the way down. (If you have an .htaccess file in there, it may possibly say “web me” or “web web.” Don’t worry about it.) Ideally, your file permissions are all set to 664, and your directory permissions are set to 775. If not, we’ll change them in a minute.
7a)
Oh, and if you don’t have an .htaccess file in the main Wordpress directory, create an empty one now.
8)
Putty starts out in your “htdocs” directory, aka your “public” directory. If you installed Wordpress directly in this directory, skip to the next step.
If not, we need to change directories, using the brilliantly named bash command “cd”. Figure out the pathname for your directory, and type in:
cd path
For example, if your Wordpress installation’s in /htdocs/wordpress or /htdocs/personal/wordpress,
cd wordpress
cd personal/wordpress
9)
Okay, so you’re in your Wordpress directory. Type in
ls -al
A long list of all the files in the directory will appear. The entries should look something like this:
drwxrwxr-x 8 me me 2048 Jul 3 11:06 wp-admin
-rw-rw-r-- 1 me me 32776 Jul 3 10:54 wp-app.php
-rw-rw-r-- 1 me me 129 Jul 3 10:54 wp-atom.php
-rw-rw-r-- 1 me me 1026 Jul 3 10:54 wp-blog-header.php
Yeah, it looks pretty much like what you’re seeing in FileZilla. The incomprehensible string of characters at the beginning of each line represents the file’s permissions, and the “me me” after it means that the file’s user and group are both “me.”
10)
This is the part where we actually change something. We will be changing every single file and subdirectory in your Wordpress installation at once. If you’re going to chicken out, do so now.
We’re first going to change everything in the directory’s group to “web”. The command to do that is
chgrp -R web *
Type that in and hit enter. There’ll probably be a short pause before the command line reappears again.
Once it has, go into FileZilla, move to another directory, then move back. Your owner/group column should now say “me web” all the way down (except possibly for the .htaccess file, which might say “web web”). Now move into a couple of subdirectories and check them out. We did it!
11)
We probbbably did it. Just to double-check, go back to Putty, and type in
find . -group me
This will search for any files in the directory that are still part of group “me”. If you installed Wordpress via Subversion, there may still be some in a directory called .svn. You can ignore those - as long as there aren’t any others, you’re safe.
12)
Now we’re going to make sure your file and directory permissions are all correct. They should be fine already - a fresh Wordpress install has the correct permissions automatically - but if you or anyone else has been fiddling around with the installation trying to fix things, you may have changed some to 777 or something, which is not good. So just to be paranoid, we’re going to reset them to the default.
First, we want to change all your files’ permissions to 664 - that is, group-writable. To do that, type
find . -type f -exec chmod 664 {} \;
Now, we’ll change all the directories’ permissions to 775 (group-writable all-executable, because directories need to be executable if you ever think you’ll want to, you know, open them):
find . -type d -exec chmod 775 {} \;
Annnd go check around in FileZilla to make sure everything looks right.
13)
Now go test whatever didn’t work before in your Wordpress installation. Hopefully it works now!
14)
Remember that whenever you upload a new file via FTP, its group will always be “me” by default. This means that next time you upgrade or install a plugin that needs to be able to write to files, you’re going to need to go back into Putty and change everything to group “web.” Again, the command to do that is:
chgrp -R web *
(I updated this post to add step 14 on 7/12/08, because I forgot about this myself and got very grumpy at the Google Sitemaps plugin.)
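An added check, not part of the original post: a small shell audit that repeats steps 11 and 12 in one pass after the chgrp/chmod commands. It lists anything still outside the expected group (including top-level dotfiles such as .htaccess, which the shell's `*` in `chgrp -R web *` does not match), anything world-writable, and anything off the 664/775 targets. The function names are made up for this example; the group "web" and the modes are the post's values.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage, from inside the WordPress directory:  audit_wp . web

# wrong_group DIR GROUP: entries not in GROUP, dotfiles included.
# .svn metadata is skipped, since the post says it can be ignored.
wrong_group() {
    find "$1" -name .svn -prune -o ! -group "$2" -print
}

# world_writable DIR: entries writable by "other" (777, 666 and the like).
world_writable() {
    find "$1" -name .svn -prune -o ! -type l -perm -0002 -print
}

# off_target DIR: files that are not exactly 664, directories not exactly 775.
off_target() {
    find "$1" -name .svn -prune -o \
        \( -type f ! -perm 664 -print \) -o \
        \( -type d ! -perm 775 -print \)
}

# audit_wp DIR [GROUP]: run all three checks, print findings under the
# name of the check that produced them, return 1 if anything was found.
audit_wp() {
    dir=$1
    grp=${2:-web}
    bad=0
    for check in wrong_group world_writable off_target; do
        # A find error (for example an unknown group name) counts as a failure.
        out=$($check "$dir" "$grp") || bad=1
        if [ -n "$out" ]; then
            printf '%s:\n%s\n' "$check" "$out"
            bad=1
        fi
    done
    return "$bad"
}
```

A clean run prints nothing and returns 0; anything listed under wrong_group needs the chgrp from step 10 applied to it by name.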

July 10th, 2008 at 9:44 pm
thanks. this information is exactly what I was looking for.
July 10th, 2008 at 11:21 pm
Glad you found it useful!
July 18th, 2008 at 6:45 pm
Why do you have that files have All+Read and directories have All+ReadExecute? Isn’t it sufficient to limit these permissions to Owner and Group?
July 18th, 2008 at 7:02 pm
No idea. Those seem to be WordPress’s preferred permissions, so I stuck with them.
July 21st, 2008 at 2:08 am
These settings aren’t secure. Check out the nearlyfreespeech forums. There are a lot of recent postings about hacking wordpress. While these instructions do get it up and running to start with, I don’t see why you would need all+write, and I question whether you would want to leave group+write turned on all the time. Needs more research.
August 12th, 2008 at 10:59 pm
Sorry it’s taken me a while to respond to this - I haven’t had the energy to hack around in my settings for a while.
Apologies if I said something to make this unclear, but neither 775 nor 664 are all+write settings. They’re all+read, and though I’ve gotten an NFS WordPress installation working with files at 660 (public can’t read) since writing this, I’ve seen people on the forums saying they’ve found 664 to be necessary. I’m not sure why this would be the case, but it seems best to me to leave it that way.
I probably need to rewrite the post to make this more clear, but as I tried to say in my introduction, I wrote this guide to address the broken file-upload-and-editing issues. To enable that functionality, yeah, group+write does, in fact, have to be turned on all the time. In this situation, 775 and 664 permissions are as low as you can go.
If you don’t need upload to work, then you can go down to 755 and 644, and even leave everything’s group set to “me”. But the directions I’ve given here are for setting up a Wordpress install with full functionality, not a perfectly secure one. It would certainly be more secure to SSH in and change your permissions before each upload/template edit/whatever, but that’s impractical for people who use these functions frequently (I’m one), and impossible if you want to update from a public computer.