Need Help Updating Nginx Wordpress Plugins

sharingsunshine
sharingsunshine used Ask the Experts™
on
I have built an nginx development system on an AWS Linux instance.  I FTP'd all of the files from a working site that is Apache based.  Two strange things have happened that are causing me to not be able to update or delete the plugins.

1.  When I zipped my database on the source system I then FTP'd them to the target system and unzipped them.  When I go into the dashboard I am unable to update nor can I delete them either.
2. Also, the table prefix went from wp_ to wpstg0 could this be affecting the plugins?

I need to get this site up and running so thanks for your help.

Randal
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Software Engineer
Distinguished Expert 2018
Commented:
Are the files / directories on the target system owned by the user running the webserver processes?
often used are: nginx / www-data   (or apache on apache running systems).

I would not expect the table prefix having an influence on the ability to address plugins.
(other than if a table of plugins is kept in the database, and code is looking for the wrong table).
[ or the config cannot be read from php config file due to bad permissions. ]

Author

Commented:
I followed this tutorial which I have been using for several years
https://www.stevejenkins.com/blog/2015/09/correct-permissions-for-wordpress/

Open in new window


Modifying step 1 to grep nginx it came up with nginx.  I made owner and group nginx.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
1.  When I zipped my database on the source system I then FTP'd them to the target system and unzipped them.  When I go into the dashboard I am unable to update nor can I delete them either.

As noci suggested, what you're seeing is almost always a... poorly conceived integration between FTP + Apache + NGINX, so if you check in FTP, you'll likely see the ownership (uid/gid) is incorrect. Likely you'll see the FTP uid/gid, rather than Apache's uid/gid.

Remember, if you're running WordPress you're almost always going to be running NGINX in front of Apache, so Apache will be your focus.

Said another way Apache must be able to read files to serve them.

And Apache can rarely serve files owned by an FTP user, unless complex ACLs are setup to integrate FTP + Apache.

2. Also, the table prefix went from wp_ to wpstg0 could this be affecting the plugins?

Tip: Trying to do a restore like you've described likely won't work. The correct way to do this is as follows.

a) Make a backup with an actual WordPress backup plugin, like Duplicator or BackupBuddy or BlogVault.

b) FTP over the files. There will be only 2x files. An installer .php file + an archive/zip file.

c) Create an empty database.

d) Navigate to the installer .php file + walk through a normal installation.

Ugh... Don't muck about with the WordPress prefix. It's a myth changing the prefix provides some increased security. It does not. If someone can get to your database, they'll just look in your wp-config.php for the prefix + hack your database. So changing your prefix only breaks code which fails to correctly handle changed prefixes, with no additional security.
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

nociSoftware Engineer
Distinguished Expert 2018

Commented:
php & nginx  or some other way of executing php. The best case is to use php-fpm.   So you actually need to verify that php-fpm server does use the nginx username or some other.
(better try using fpm instead of httpd in the ps -ef .... command in step 1.

(you did install php-fpm did you? or are you using nginx as reverse proxy before apache.. (slightly less attractive, fpm is far faster solution that apache to run several php sessions )

Author

Commented:
I have php-fpm.  This isn't a reverse proxy so no Apache at all.  Using fpm it comes up Apache.  So must I change all permissions to  apache:apache?
nociSoftware Engineer
Distinguished Expert 2018

Commented:
Yes. It's fpm that is executing the scripts. So it runs under that owner.
(one of the advantages of fpm is you can have several lying around with various configurations (buffering, amount of spares etc.) . all separated from the  frontend web server)
Even handling multiple versions of php on one server is doable. (i have a fpm-5.6 for stuff that didn't make it to 7.x yet) and a 7.x one that runs all the regular stuff.)
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You have 2x considerations.

If you're running FPM, normally FPM runs under same uid/gid as your apache processes, so if your apache2 + FPM processes all run as...

apache:apache

Open in new window


Then noci is correct, you must ensure all your files ownership is set to apache:apache + likely all will work out well.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
Aside: There's also a permanent fix for this... if you use a sensible SFTP server like MySecureShell.

Here's how I do this...

# random
IbTt5zhmJzkV901i

# setfacl -Rm d:u:apache:rwX,u:apache:rwX /path-to-site-docroot

# useradd --user-group -G www-data --shell=/usr/bin/mysecureshell --home=/path-to-site-docroot jack
# echo jack:IbTt5zhmJzkV901i | chpasswd
# setfacl -Rm d:u:jack:rwX,u:jack:rwX /path-to-site-docroot

Open in new window


The net effect here is set all current + new dirs/file to have an apache:apache ownership ACL, allowing any newly created dirs/files to be accessible by Apache.

Then the last 3x steps are done for every new SFTP user, so they can see all dirs/files + create/remove any dirs/files.

This provides seamless integration between Apache + SFTP.

You can also extend this to adding ACLs for any other SFTP like systems which require similar support.

Note: All sensible Distros have been using ext4 filesystems by default for years + also have been enabling ACL support by default.

AWS Linux, at times can be dumb as a bag of hammers, so likely you must install setfacl (normally the acl package), then test to see if ACLs will work on your file systems.

Ensure ACL support works before doing any other retooling work.
nociSoftware Engineer
Distinguished Expert 2018

Commented:
@david: fpm runs it's own process & dispatcher organizing pools of workers. (each pool with their own php settings if needed)
apache is not used in such a setup.  fpm-php provides a fastcgi+ interface onto php workers.

part of the setup of the fpm ool config file is the

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www-data
group = www-data

Open in new window

David FavorFractional CTO
Distinguished Expert 2018

Commented:
@noci, How Apache + FPM run is highly Distro dependent.

For example Debian/Ubuntu run Apache + FPM as www-data:www-data which means all .php + .html files all work as expected with the same ownership.

The author has mentioned nginx:nginx + apache:apache, so only the author can understand process ownership by running ps + looking at all processes involved.

Whatever ownership is required for each type of file .html + .php + all other files too, must match however this Distro expects file ownership to occur... for files to serve correctly...
nociSoftware Engineer
Distinguished Expert 2018

Commented:
I meant to indicate that there is no correlation between apache & fpm-php because both run in separate processes with separate config files.
So the system manager, or package maintainer decide on the userid/groupid used.
Where mod_php  runs in apache context and is by definition following apache config.

Author

Commented:
You were correct it was an ownership issue.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start Today