Task #57354
closed
Task #52668: Install Tool: Remove permission checking and fixing code from "folder structure"
Default file permissions recommendation schould be 0665 instead of 0660
Added by Markus Hölzle about 10 years ago.
Updated over 5 years ago.
Description
The new install tool recommends file permissions 0660 for setting "BE/fileCreateMask". But 0660 doesn't work (at 1und1 server), 0665 works fine.
Same issue for "BE/folderCreateMask": the install tool recommends 2770, but only 2775 works.
If I set the recommended file permissions (screenshot is attached), you can't load the images via browser (Error 403 - Forbidden).
Files
0665 may work but it is wrong. Normal files do not need nor should have execute permission.
0664 would be right.
You are right, the permission 0664 and 2774 also works fine
- Status changed from New to Under Review
- Status changed from Under Review to Needs Feedback
- Target version set to next-patchlevel
- Parent task set to #52668
Recommended is "0660 and 2770", because world readable files is not something we should recommend for security reasons.
The "shipped defaults" are still "0664" and "2775" because it works on every setup (like 1and1).
So one idea might be to explain this a bit better to new users which are just using the defaults and wondering why they are not recommended:
- if you are running with the "defaults" (0664 and 2775), we should not issue a Warning but a Notice instead (no "2" red badge in the Install Tool).
- the Notice in the screen should then inform that you are using the defaults, which is fine, but for security reasons you should consider 0660 and 2770, but being aware that it might not work with every hoster.
What do you think?
- Status changed from Needs Feedback to Under Review
I'm also for changing it from warning to notice. The warning results in a message in the system report email.
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF