Greetings!
I've been recently messing around more with methods of developing and deploying WP sites on shared and VPS hosting. As I've plugged along, I've continuously run into the same problem: getting WP/plugin updates to work properly.
What I've found is that it has almost nothing to do with actual file permissions! Which is strange! WordPress does check for write permissions, but it also checks that the owner is the same as the UID. I found this affirmed, first, in the "Updating WordPress" documentation:
In other words, the owner of your WordPress files must match the user under which your web server executes.
I then found the get_filesystem_method function in includes/file.php, with interest here:
    $temp_file_name = $context . 'temp-write-test-' . time();
    $temp_handle = @fopen($temp_file_name, 'w');
    if ( $temp_handle ) {
        if ( getmyuid() == @fileowner($temp_file_name) )
            $method = 'direct';
        @fclose($temp_handle);
        @unlink($temp_file_name);
    }
I'm curious why WP cares whether or not the fileowner is the current script? Isn't the real issue whether or not the effective owner has write permissions? And isn't that proven by the fact that a handle is returned? Why not compare the user/group to the permissions? How about:
    $temp_file_name = $context . 'temp-write-test-' . time();
    $temp_handle = @fopen($temp_file_name, 'w');
    if ( $temp_handle ) {
        $perms = fileperms($temp_file_name);
        // 0x0080 (octal 0200) is the owner-write bit
        if ( getmyuid() == @fileowner($temp_file_name) && ($perms & 0x0080) )
            $method = 'direct';
        // 0x0010 (octal 0020) is the group-write bit
        elseif ( getmygid() == @filegroup($temp_file_name) && ($perms & 0x0010) )
            $method = 'direct';
        @fclose($temp_handle);
        @unlink($temp_file_name);
    }
Certain methods of deployment SSH onto the server and pull from a repo (e.g. Capistrano). This means that the files will be owned by the user that pulled the files. And seeing as a file can only be chowned with sudo access, this makes that method nonviable.
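
A diagnostic for what the two snippets above compare on a given host, as an added example that is not part of the original post or of WordPress itself: PHP's getmyuid() returns the owner of the running script file, while a newly created temp file is owned by the user the PHP process runs as. The function name probe_write_context and the result keys are hypothetical; run it through the same PHP setup that serves the site.

```php
<?php
// Added diagnostic (hypothetical names), not WordPress code.
// Reports the identities involved in the write test and what each
// version of the check from the post would decide for a directory.

function probe_write_context(string $context): array
{
    $context = rtrim($context, '/') . '/';
    $temp    = $context . 'temp-write-test-' . time();

    $result = [
        'script_owner_uid' => getmyuid(),  // owner of the script FILE, not the process
        'script_owner_gid' => getmygid(),
        // Effective UID of the PHP process, if the posix extension is loaded.
        'process_euid'     => function_exists('posix_geteuid') ? posix_geteuid() : null,
        'writable'         => false,
        'core_check'       => false,       // owner comparison only
        'proposed_check'   => false,       // owner or group, plus write bit
    ];

    $handle = @fopen($temp, 'w');
    if ($handle === false) {
        return $result;                    // cannot create files here at all
    }
    $result['writable'] = true;

    clearstatcache(true, $temp);
    $owner = fileowner($temp);             // UID the new file was created with
    $group = filegroup($temp);
    $perms = fileperms($temp);
    $result['temp_owner_uid'] = $owner;
    $result['temp_owner_gid'] = $group;
    $result['temp_mode']      = sprintf('%04o', $perms & 07777);

    // Same loose comparisons as the snippets in the post.
    $result['core_check'] = ($result['script_owner_uid'] == $owner);
    $result['proposed_check'] =
        ($result['script_owner_uid'] == $owner && ($perms & 0x0080))
        || ($result['script_owner_gid'] == $group && ($perms & 0x0010));

    fclose($handle);
    unlink($temp);
    return $result;
}

// Probe the directory this script lives in.
echo json_encode(probe_write_context(__DIR__), JSON_PRETTY_PRINT), PHP_EOL;
```

When script_owner_uid and temp_owner_uid differ, files written by an update end up owned by a different account than the deployed files, which is the situation the owner comparison detects.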