I think setting a cron job to automatically turn permissions on and off might be a bit of an extreme workround 🙂 I think it is probably worth spending the time to set up working permissions on your server, rather than a cron job which could introduce other problems.
This has been a good resource for me – https://codex.wordpress.org/Hardening_WordPress.
This has also been a great resource for me –
https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04
These are the steps I have used to allow automatic / wp-cli updates of WordPress and plugins on an Ubuntu droplet with NGINX as the web server.
-
Set the recommended file and folder permissions:
750 for Directories 640 for Files except for wp-config.php, this should be 440.
To do this for directories:
find /srv/www/your-site/ -type d -exec chmod 750 {} \;
and files:
find /srv/www/your-site/ -type f -exec chmod 640 {} \;
and wp-config.php:
sudo chmod 440 your-site/wp-config.php
-
Set the owner and group to web:www-data where web is a non-root user with sudo user permissions.
sudo chown -R web:www-data /srv/www/your-site
This command will give you more information of what user / group NGINX is running under:
ps -eo pid,comm,euser,supgrp | grep nginx
https://superuser.com/questions/398833/how-to-determine-the-user-and-group-of-a-deamon-in-ubuntu
The group is www-data in my case.
-
Set setgid bit so that all new files inherit the group of the parent directory.
sudo find /srv/www/your-site -type d -exec chmod g+s {} \;
-
Give the group write access to the wp-content directory.
sudo chmod g+w /srv/www/your-site/wp-content
-
Give the group write access to the plugins, themes and uploads directories.
sudo chmod -R g+w /srv/www/your-site/wp-content/themes sudo chmod -R g+w /srv/www/your-site/wp-content/plugins sudo chmod -R g+w /srv/www/your-site/wp-content/uploads
-
Make sure you are running the core update command as the owner in step 2 if necessary switching to that user first.
su web wp core update