WordPress uploads permissions

[wilfried]

I have WP installed on a cPanel server.
For some reason I can't upload images using WP unless the "uploads" directory is set to "777" which I'd rather not do.

What could be the cause of this? I'd rather be using 755

[thewebhosting]

When the PHP is installed as a module, it executes with the same permissions as the main apache instance, which is typically as the nobody user. Hence, you will need to set the upload permission to 777.

[cPanelDavidG]

If you can convince your hosting provider to use SuPHP, then 755 permissions will be sufficient for that functionality to work.

[Spiral]

I have WP installed on a cPanel server.
For some reason I can't upload images using WP unless the "uploads" directory is set to "777" which I'd rather not do.

What could be the cause of this? I'd rather be using 755

Sounds like the server where you installed WordPress is running PHP as a DSO (Apache Module) which insecurely runs all scripts commonly under the global username "nobody".

Since your Wordpress application is being run as "nobody" instead of your own login name, you must have GLOBAL readable permissions minimum so to get to the bottom line, yes, you will need 777 for your folder to be uploadable as well as readable. Technically 666 would work too but that poses the very same security issue which you are obvious aware as you said "I'd rather not do"

I would switch hosts or ask your host about upgrading to SuPHP based PHP which doesn't have these types of security issues.

In fact, under SuPHP you could go as extremely tight as 400 and the typical norm is 640 for most uses. Folders are typically 750 or 755.