So, I have a box with a "deploy" user. This deploy user owns a code repository and wordpress is running on this box...

When wordpress attempts to do something like upload a plugin, it is using the user "www-data" to write to "wp-content/plugins".. Apparently it is uploading a zipfile, unarchiving, and then removing the zipfile.

I kept running into problems where wordpress was unable to do these things.. Since my entire code repository was set to be the owner and group: "deploy:deploy", obviously www-data is not able to access this.

So, my first attempt was to add www-data to the deploy group.

usermod -a -G deploy www-data 

Immediately after issuing this command, I found that I could no longer ssh into the box.. Totally confused as to why-- can anyone fill me in on that? So I ended up doing:

chmod -R go-w ~ 

And then could ssh in again... doing "groups www-data" showed deploy as one of the options, so I thought hooray... I went and made sure the wp-content and plugin directories all had write access for the group, and they did... Double horray, it should work perfectly!

However, no... Failure upon trying to upload a plugin.

After much annoyance, I just went into the apache config and changed the APACHE_RUN_USER & GROUP to "deploy"

Problem solved... Sort of. Except the idea of apache running as the main user, I think is awful.

Anyway, so after making this change, uploading a plugin was successful and I saw:

drwxr-xr-x 8 deploy deploy 4096 Oct 22 21:28 wp-crm 

So, the group has no write access-- I thought maybe this is a hint to why this was failing... But then, the fact that it's writing with deploy, means that's not really a hint... Because that's just due to how deploy's umask is set to.. I assume...

So... I am just lost as to what the solution is...

Should my wp-content group be www-data instead?

Or am I missing something else here?