Ticket #1139 (closed defect: fixed)
my-templates & my-plugins permissions are 0750 on install
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.0.3 |
| Component: | Installation/Upgrade | Version: | 1.0.2 |
| Severity: | normal | Keywords: | has-patch |
| Cc: | ashfame, nightgunner5@… |
Description
I installed 1.0 r2294 using svn and the my-plugins and my-templates folders were created with 0750 permissions. The thing that made me investigate was that the screenshot.png was not showing in the admin. I activated the theme anyway but then I was getting a 403 error on the stylesheet so the forum appeared unstyled.
I propose that the my-* folders be shipped with the permissions set to 0755. All the bb- folders have the proper permissions of 0755.
My host is 1&1 Internet.
Attachments
-
class.bb-install.php.diff
(885 bytes) -
added by GautamGupta 23 months ago.
- Fix the permissions
Change History
comment:2
chrishajer — 3 years ago
Someone else having trouble: http://bbpress.org/forums/topic/bb-my-plugins-my-templates-directories
This is part of the big problem with making any kind of directory via PHP.
It's a big can of worms which 0.9 didn't have because it didn't make anything.
Not only are the permissions a problem, the user you are creating the directory with is owned by PHP, which on many systems = nobody = root
So if the user tries to delete the directory later via FTP, they may not be able to, because FTP will be a user with lower permissions that root/nobody.
One day bbPress will have the same FTP class that WordPress does and then you can create directories via FTP instead and the proper use and permissions will be automatically set.
- Status changed from new to closed
- Resolution set to fixed
- Cc ashfame added
- Status changed from closed to reopened
- Resolution fixed deleted
The directories are still being created with 750 permissions & not 755. I tested it twice via SVN installs
comment:7
Gautam Gupta — 2 years ago
- Component changed from Front-end to Installation/Upgrade
- Milestone changed from 1.0.2 to 1.0.3
comment:8
Nightgunner5 — 2 years ago
- Cc nightgunner5@… added
- Priority changed from low to normal
- Severity changed from minor to normal
http://trac.bbpress.org/browser/trunk/bb-admin/includes/class.bb-install.php?rev=2391#L2145
The fixes in [2372] only affect upgrades, not new installations.
comment:9
GautamGupta — 23 months ago
- Keywords has-patch added; permissions, chmod removed
- Version changed from 1.0 to 1.0.2
- Summary changed from my-templates my-plugins permissions incorrectly 0750 to my-templates & my-plugins permissions are 0750 on install
comment:10
chrishajer — 23 months ago
Tested this on a svn installation and folders are created with the correct permissions and ownership. I don't think it would matter if it were a zip/gz installation, because the folders are not included, the are created upon installation.
I will commit this.
comment:11
chrishajer — 23 months ago
- Status changed from reopened to closed
- Resolution set to fixed
(In [2403]) Set 0755 folder permissions for my-templates and my-plugins upon creation. Fixes #1139 props GautamGupta?
This really depends on how the host is setup. On shared hosts Having your files readable by everyone is usually insecure. I realise that isn't really a problem for stylesheets and images, but it certainly can be for plugins which can contain sensitive configuration info. So I leaned towards security instead of usability here, maybe that was a mistake.