WordPress Plugins creating files with no read permission

[siwhyatt]

I recently migrated numerous WordPress sites from a shared hosting to a VPS with AlmaLinux with CyberPanel and Litespeed Server.

Most are working fine, but one has a significant issue where any files generated by plugins get created with 660/-rw-r----- permissions, so return a 403 when accessed by the browser. The plugins are able to create the files, so have access to the directory (wp-content/uploads/), but the generated files can't be accessed.

For example when CSS files are generated, they have no read permissions so the CSS doesn't load leaving the website in chaos, or when a new invoice is generated for a woocommerce sale, it can't be viewed.

I currently have a chmod running on cron to fix the permissions of newly generated files as a temporary stopgap, but I need a proper fix asap.

It's the only site running on an older version of php (7.4 rather than 8.2) as some of the plugins weren't compatible with the latest version, so I'm presuming it's related to the configuration of php7.4 somehow, but I can't find exactly why.

Has anyone experienced this before? Any suggestions on how to fix would be much appreciated!

 

[Unique_Eric]

I am not sure of the root cause, but you can check this similar case and follow the solution, and see if it works.

 

[siwhyatt]

Thanks for your reply Eric.

Unfortunately I already tried that to no avail.

I can upload new plugins and manually create files and folders without issue.

It is when the plugins themselves create files automatically that there is an issue.

 

[serpent_driver]

@siwhyatt

You should check the owner of the files. If you did file operations as root the current user cannot access these files.

 

[siwhyatt]

Thanks, but this is not the issue.

All files and folders have the correct owner, group and permissions.

If this weren't the case, the plugins wouldn't be able to write files in the first place.

The plugins can and do write the files, the issue is that for some reason these plugin generated files don't have read permission, they are 0660 instead of 0644. Therefore they can't be accessed by the browser until I run a chmod on them.

 

[serpent_driver]

The plugins can and do write the files, the issue is that for some reason these plugin generated files don't have read permission, they are 0660 instead of 0644. Therefore they can't be accessed by the browser until I run a chmod on them.

The cache plugin doesn't set any file permissions. If created files by the cache plugin have wrong permission, then the logic says, a PHP configuration parameter (umask()) is wrong, so you shouldn't search for any bug of the cache plugin, but for a wrong (custom) server configuration

 

[serpent_driver]

Do you have OLS or LSWS?

 

[siwhyatt]

I didn't think that a caching plugin was causing the issue. It is almost certainly a setting with either litespeed server or cyber panel. Hence posting here.

The umask seems to be set to 18 when I check echo umask, though this also appears to be the case for all the wordpress sites I've migrated, the rest of which have no issue. I've tried over riding this via cyber panel and litespeed dashboards but no luck.

I have LSWS.

 

[serpent_driver]

Default umask setting is 0022 => 0644 (rw-r--r--) for files and 0755 (rwxr-xr-x) for directories.

 

[siwhyatt]

Yes. I would like to set the umask to 22 but don't appear to be able to.

I have tried this via both the cyberpanel and litespeed dashboards via the PHP settings and phpini override respectively, but to no avail.

Again, as mentioned previously still not sure that this is the root cause of the issue as all the wordpress sites on the VPS show as umask 18, but only one has this issue, but still worth a try.

 

[siwhyatt]

In the end, I managed to find the issue.

The Linux ACL (access control list) settings were too restrictive.

After running a setfacl command recursively on the wp-content/uploads directory, the issue appears to be sorted.