I'm trying to enable WordPress to upload files to the wp-content folder without setting permissions for the folder to 777. However, I'm having some difficulties.
The group and user set for the wp-content folder match the group and user Apache is configured to be using in httpd.conf. However, when I run the below command, it appears that Apache is actually running as root rather than the user specified in httpd.conf.
httpd.conf Configuration
User xxx Group yyy
Command Run to Determine User Apache is Running As
ps aux | grep httpd
Output from the above command
513 1294 0.4 1.4 316420 54864 ? S 08:30 0:06 /usr/sbin/httpd
513 is the correct UID for user xxx, so that appears correctly. However, I'm still not able to upload files within WordPress without setting permissions for the wp-content folder to 777.
Can somebody tell me what the issue is here?
Apache always needs to start as root, then it uses setuid to switch to user context of specified user in httpd.conf.
Without root (uid = 0) you can not create listening socket on privileged ports (below 1024)
For details read this documents:
http://www.thegeekstuff.com/2011/03/apache-hardening/
http://httpd.apache.org/docs/2.2/misc/security_tips.html
From first link: