Project

General

Profile

Actions

Bug #15249

closed

EM sets permissions wrong when downloading an extension, causing problems with suphp

Added by Oliver Klee almost 19 years ago. Updated over 17 years ago.

Status:
Closed
Priority:
Should have
Category:
-
Target version:
-
Start date:
2005-11-30
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

suphp is an Apache module that increases security by making the script file owner execute the corresponding process instead of the apache user. To make this process safer, suphp imposes a few rules. One of those rules is that the script file must only be writable by the user, not the group or the world.

So I changed my whole PHP site directory tree to be writable only by the user. So the permissions of my typo3conf/ext/* directories look like this:

drwxr-xr-x

Yet, when I download an extension from the TER (or from a file), the EM changes the permissions to this:

drwxrwxr-x

The files in that directories and the corresponding subdirectories are also group-writable, which causes them to not get executed any more (error 500).

This makes using Typo3 with suphp really hard as I have to change the permissions every time I download or upgrade an extension.

The EM schould use the drwxr-xr-x permissions when writing the extension to disk (or the permissions need to be configurable).

(issue imported from #M1958)


Files

t3lib_config_default.diff (2.3 KB) t3lib_config_default.diff Administrator Admin, 2005-12-17 12:47

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #14763: Create Files with no correkt umask when using with suphpClosed2005-10-31

Actions
Actions #1

Updated by Oliver Klee almost 19 years ago

Oh, and I'm using Kubuntu 5.10 with:

- Apache 2.0.54
- PHP 4.4.0
- suphp 0.5.2

Actions #2

Updated by Oliver Klee almost 19 years ago

Damn, wrong component (usability from hell ...). Please move this to Typo3 Core. Sorry for the spam.

Actions #3

Updated by Oliver Klee almost 19 years ago

The documentation for suphp can be downloaded at http://www.suphp.org/Download.html .

Actions #4

Updated by Oliver Klee almost 19 years ago

I've attached a patch for t3lib/config_default.php that changes the default configuration to be safer. (When an extension gets updated, only one user needs write permissions.)

Actions #5

Updated by Michael Stucki almost 19 years ago

I already know of suPHP but don't think that it is only related with this tool.

As long as creategroup is not specified, the group write permission doesn't make sense anyway.

I think I will apply your patch but add a nice to the description of creategroup.

- michael

Actions #6

Updated by Karsten Dambekalns almost 19 years ago

-1 for the patch. Most people probably have a user-group setting that has Apache as group somehow. Those using suphp are the minority (sorry, no democracy this time) and should change the available variable to fit their needs. IMHO.
Thus +1 for adding to the documentation.

Actions #7

Updated by Oliver Klee almost 19 years ago

Karsten, users who need to give their Apache group write permissions need to change their configuration either way as they need to enter the group name.

So, in other words: With the patch, suphp users get a working configuration out of the box, while users who need write access for a group still need to modify the configuration.

Actions #8

Updated by Michael Stucki over 18 years ago

I didn't check it but think that this is fixed in the new EM, right?
Please confirm that I can close this bug.

Actions #9

Updated by Oliver Klee almost 18 years ago

Yes, this is fixed now, and this bug can be closed.

Actions #10

Updated by Michael Stucki almost 18 years ago

Fixed some time during 4.0 development.

Actions

Also available in: Atom PDF