Bug #15249
closed
EM sets permissions wrong when downloading an extension, causing problems with suphp
0%
Description
suphp is an Apache module that increases security by making the script file owner execute the corresponding process instead of the apache user. To make this process safer, suphp imposes a few rules. One of those rules is that the script file must only be writable by the user, not the group or the world.
So I changed my whole PHP site directory tree to be writable only by the user. So the permissions of my typo3conf/ext/* directories look like this:
drwxr-xr-x
Yet, when I download an extension from the TER (or from a file), the EM changes the permissions to this:
drwxrwxr-x
The files in that directories and the corresponding subdirectories are also group-writable, which causes them to not get executed any more (error 500).
This makes using Typo3 with suphp really hard as I have to change the permissions every time I download or upgrade an extension.
The EM schould use the drwxr-xr-x permissions when writing the extension to disk (or the permissions need to be configurable).
(issue imported from #M1958)
Files
Updated by Oliver Klee over 18 years ago
Oh, and I'm using Kubuntu 5.10 with:
- Apache 2.0.54
- PHP 4.4.0
- suphp 0.5.2
Updated by Oliver Klee over 18 years ago
Damn, wrong component (usability from hell ...). Please move this to Typo3 Core. Sorry for the spam.
Updated by Oliver Klee over 18 years ago
The documentation for suphp can be downloaded at http://www.suphp.org/Download.html .
Updated by Oliver Klee over 18 years ago
I've attached a patch for t3lib/config_default.php that changes the default configuration to be safer. (When an extension gets updated, only one user needs write permissions.)
Updated by Michael Stucki over 18 years ago
I already know of suPHP but don't think that it is only related with this tool.
As long as creategroup is not specified, the group write permission doesn't make sense anyway.
I think I will apply your patch but add a nice to the description of creategroup.
- michael
Updated by Karsten Dambekalns over 18 years ago
-1 for the patch. Most people probably have a user-group setting that has Apache as group somehow. Those using suphp are the minority (sorry, no democracy this time) and should change the available variable to fit their needs. IMHO.
Thus +1 for adding to the documentation.
Updated by Oliver Klee over 18 years ago
Karsten, users who need to give their Apache group write permissions need to change their configuration either way as they need to enter the group name.
So, in other words: With the patch, suphp users get a working configuration out of the box, while users who need write access for a group still need to modify the configuration.
Updated by Michael Stucki about 18 years ago
I didn't check it but think that this is fixed in the new EM, right?
Please confirm that I can close this bug.
Updated by Oliver Klee over 17 years ago
Yes, this is fixed now, and this bug can be closed.
Updated by Michael Stucki over 17 years ago
Fixed some time during 4.0 development.