The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php

Recently, we were trying to update a WordPress installation that was running under apache in a CentOS 7. When we would press the lovely blue button to update WordPress we would get the following error:

The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php

Installation Failed

At first we thought it was an issue with the privileges on the folder, so we did the following steps to fix the issue:

Find which user is controlling apache server:

We executed the following command to get the name of the local user that was handling the apache web server:

ps -ef | grep apache;

From which, we got the following results:

apache 7289 8523 1 10:35 ? 00:00:03 /usr/sbin/httpd -DFOREGROUND
apache 7293 8523 0 10:35 ? 00:00:02 /usr/sbin/httpd -DFOREGROUND
apache 7316 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7317 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7335 8523 1 10:35 ? 00:00:03 /usr/sbin/httpd -DFOREGROUND
apache 7347 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7348 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7349 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7350 8523 0 10:35 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 7351 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
root 8071 7978 0 10:40 pts/1 00:00:00 grep --color=auto apache

The first column is the name of the user, so we found out that apache local user is the user executing the apache web server.

Repair all file and folder access rights:

After getting the above information we proceeded to update the access rights in our WordPress installation folder (/var/www/example.com)

find /var/www/example.com -type d -exec chmod 755 '{}' \;
find /var/www/example.com -type f -exec chmod 644 '{}' \;
chown -R apache:apache /var/www/example.com;

To our disappointment, nothing changed and we would still get the same error. Luckily enough we had another ace in our sleeve!

Checking the security context of each file and folder:

We executed the following command (ls -Z) to get the security context of the files and folders in the installation folder of WordPress:

ls -Z /var/www/example.com;

Where we got the following results:

drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 api
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 favicon.ico
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 license.txt
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 readme.html
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 r-file.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wordfence-waf.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-activate.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-admin
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-blog-header.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-comments-post.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-config.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-config-sample.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-content
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-cron.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-includes
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-links-opml.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-load.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-login.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-mail.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-settings.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-signup.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-trackback.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 xmlrpc.php

What we got from this result: all files and folders marked with the httpd_sys_content_t are not directly editable by the apache web server even though the user has the rights to do so as it is a security step by SELinux.

httpd_sys_content_t
Use this type for static web content, such as .html files used by a static website. Files labeled with this type are accessible (read only) to httpd and scripts executed by httpd. By default, files and directories labeled with this type cannot be written to or modified by httpd or other processes. Note that by default, files created in or copied into /var/www/html/ are labeled with the httpd_sys_content_t type.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_confined_services/sect-managing_confined_services-the_apache_http_server-types

The simple solution

We just changed the security context for the folders and files to httpd_sys_rw_content_t which allows apache web server to edit the files:

httpd_sys_rw_content_t
Files labeled with this type can be written to by scripts labeled with the httpd_sys_script_exec_t type, but cannot be modified by scripts labeled with any other type. You must use the httpd_sys_rw_content_t type to label files that will be read from and written to by scripts labeled with the httpd_sys_script_exec_t type.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_confined_services/sect-managing_confined_services-the_apache_http_server-types
chcon -R --type httpd_sys_rw_content_t /var/www/example.com;

After this command finished, we updated WordPress as normal!

(In case you want to change the security context back to the original just execute chcon with httpd_sys_content_t as parameter on the folders and files you want to operate as read-only).

Advertisements

Lock-down pro-tip to save the battery of your car

Most cars (if not all) consume energy even when they are parked, with the engine off and no visible systems working. Electrical systems including the clock and on-board computer systems drain the battery little by little until they completely empty it.

When the energy level in a battery is low, it might prevent it from being capable to start your car and you will need a boost to get your car running again. In worse scenarios, batteries that are completely drained can get damaged and they need to be replaced.

Therefore, if you do not move your car for a long period (like during the lock-down period), then the extended lack of use might damage the battery and cause it to need replacement.

Simple Solution

Check the operation manual of your car or contact your dealer prior to disconnecting the battery. (We are not sure if there is a car out there that would not like having its battery removed)

Disconnect the battery from you car to stop the energy draining.
To do so remove the cable from the negative port (has the minus sign "-" and is usually black colored).

Do not let the negative and positive cable exposed metal ends touch under any circumstances.


Handbook of COVID-19 Prevention and Treatment

Handbook of COVID-19 Prevention and Treatment (21 downloads)

This is an unprecedented global war, and mankind is facing the same enemy, the novel corona- virus. And the first battlefield is the hospital where our soldiers are the medical workers.
To ensure that this war can be won, we must first make sure that our medical staff is guaranteed sufficient resources, including experience and technologies. Also, we need to make sure that the hospital is the battleground where we eliminate the virus, not where the virus defeats us.
Therefore, Jack Ma Foundation and Alibaba Foundation have convened a group of medical experts who have just returned from the frontlines of fighting the pandemic. With the support of The First Affiliated Hospital, Zhejiang University School of Medicine (FAHZU), they quickly published a guidebook on the clinical experience of how to treat this new coronavirus. The treatment guide offers advice and reference against the pandemic for medical staff around the world who are about to join the war.
Thanks to the medical staff from FAHZU. While taking huge risks in treating COVID-19 patients, they wrote down their treatment experience day and night in this Handbook.
Over the past 50 days, 104 confirmed patients have been admitted to FAHZU, including 78 severe and critically ill ones. Thanks to the pioneering efforts of medical staff and the application of new technologies, to date, we have witnessed a miracle. No staff is infected, and there is no missed diagnosis or patient deaths.
Today, with the spread of the pandemic, these experiences are the most valuable sources of information and the most important weapon for medical workers on the battlefield. This is a brand-new disease, and China was the first to suffer from the pandemic. Isolation, diagnosis, treatment, protective measures, and rehabilitation have all been started from scratch, but we hope that with the advent of this Handbook doctors and nurses in other affected areas can learn from our experience when entering the battlefield and they won’t have to start from zero.
This pandemic is a common challenge faced by mankind in the age of globalization. At this moment, sharing resources, experiences and lessons, regardless of who you are, is our only chance to win. Because the real remedy for epidemics is not isolation, but cooperation.
This war has just begun.

Handbook of COVID-19 Prevention and Treatment (21 downloads)

Handbook of COVID-19 Prevention and Treatment (21 downloads)


How to find differences between two directories using diff

Gotta love diff!

Finding all files and folders that are different in two locations is extremely easy. Using only two parameters we can exhaustively compare two directories, including their sub-directories and produce a list of their differences as such:

diff -qr folder-1/ folder-2/;

The -q parameter instructs diff to print only the files that are different and thus not spam us with thousands of files that are the same.

The -r parameter turns on the recursive feature which instructs diff to check all sub-folders and their files in the two directories under investigation.

Example run:

diff -qr Desktop/source/ /media/tux/My\ Disk/backup\ A/

Files Desktop/source/Camera/20191023_171328.jpg and /media/tux/My\ Disk/backup\ A/Camera/20191023_171328.jpg differ

Files Desktop/source/Camera/VID_20191011_115231.mp4 and /media/tux/My\ Disk/backup\ A/Camera/VID_20191011_115231.mp4 differ

diff: /media/xeirwn//media/tux/My\ Disk/backup\ A/Camera/IMG_20191225_165939.jpg: Input/output error

How to temporarily open MySQL / MariaDB port on CentOS 7 firewall

Recently, we came across a CentOS 7 that was executing MariaDB (MySQL) server. The Database Administrators needed a way to open to the port and allow connections to the SQL server from outside the machine.
As they did not have a specific IP from which they would connect, we provided the following solution.

To temporarily open port 3306

firewall-cmd --add-port=3306/tcp;

To close the port 3306 (method A)

firewall-cmd --remove-port=3306/tcp;

or reload firewalld which will cause it to loose all changes that are not permanent (method B)

firewall-cmd  --reload;

firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. The tool enables network/firewall zones to define the trust level of network connections and/or interfaces. It has support both for IPv4 and IPv6 firewall settings. Also, it supports Ethernet bridges and allow you to separate between runtime and permanent configuration options. Finally, it supports an interface for services or applications to add firewall rules directly.