Task #52668: Install Tool: Remove permission checking and fixing code from "folder structure"
Default file permissions recommendation schould be 0665 instead of 0660
The new install tool recommends file permissions 0660 for setting "BE/fileCreateMask". But 0660 doesn't work (at 1und1 server), 0665 works fine.
Same issue for "BE/folderCreateMask": the install tool recommends 2770, but only 2775 works.
If I set the recommended file permissions (screenshot is attached), you can't load the images via browser (Error 403 - Forbidden).
Updated by Jan Radecker over 8 years ago
2774 for directories is also wrong. 2775 was fine.
Please read [[http://de.wikipedia.org/wiki/Unix-Dateirechte#Oktalnotation]]
Updated by Ernesto Baschny over 8 years ago
- Status changed from Under Review to Needs Feedback
- Target version set to next-patchlevel
- Parent task set to #52668
Recommended is "0660 and 2770", because world readable files is not something we should recommend for security reasons.
The "shipped defaults" are still "0664" and "2775" because it works on every setup (like 1and1).
So one idea might be to explain this a bit better to new users which are just using the defaults and wondering why they are not recommended:
- if you are running with the "defaults" (0664 and 2775), we should not issue a Warning but a Notice instead (no "2" red badge in the Install Tool).
- the Notice in the screen should then inform that you are using the defaults, which is fine, but for security reasons you should consider 0660 and 2770, but being aware that it might not work with every hoster.
What do you think?