Opened 15 years ago
Closed 14 years ago
#1139 closed defect (bug) (fixed)
my-templates & my-plugins permissions are 0750 on install
Reported by: | chrishajer | Owned by: | |
---|---|---|---|
Milestone: | 1.0.3 | Priority: | normal |
Severity: | normal | Version: | 1.0.2 |
Component: | API - Installation/Upgrade | Keywords: | has-patch |
Cc: | ashfame, nightgunner5@… |
Description
I installed 1.0 r2294 using svn and the my-plugins and my-templates folders were created with 0750 permissions. The thing that made me investigate was that the screenshot.png was not showing in the admin. I activated the theme anyway but then I was getting a 403 error on the stylesheet so the forum appeared unstyled.
I propose that the my-* folders be shipped with the permissions set to 0755. All the bb- folders have the proper permissions of 0755.
My host is 1&1 Internet.
Attachments (1)
Change History (12)
#2
@
15 years ago
Someone else having trouble:
http://bbpress.org/forums/topic/bb-my-plugins-my-templates-directories
#3
@
15 years ago
This is part of the big problem with making any kind of directory via PHP.
It's a big can of worms which 0.9 didn't have because it didn't make anything.
Not only are the permissions a problem, the user you are creating the directory with is owned by PHP, which on many systems = nobody = root
So if the user tries to delete the directory later via FTP, they may not be able to, because FTP will be a user with lower permissions that root/nobody.
One day bbPress will have the same FTP class that WordPress does and then you can create directories via FTP instead and the proper use and permissions will be automatically set.
#6
@
15 years ago
- Cc ashfame added
- Resolution fixed deleted
- Status changed from closed to reopened
The directories are still being created with 750 permissions & not 755. I tested it twice via SVN installs
#7
@
14 years ago
- Component changed from Front-end to Installation/Upgrade
- Milestone changed from 1.0.2 to 1.0.3
#8
@
14 years ago
- Cc nightgunner5@… added
- Priority changed from low to normal
- Severity changed from minor to normal
http://trac.bbpress.org/browser/trunk/bb-admin/includes/class.bb-install.php?rev=2391#L2145
The fixes in [2372] only affect upgrades, not new installations.
#9
@
14 years ago
- Keywords has-patch added; permissions chmod removed
- Summary changed from my-templates my-plugins permissions incorrectly 0750 to my-templates & my-plugins permissions are 0750 on install
- Version changed from 1.0 to 1.0.2
This really depends on how the host is setup. On shared hosts Having your files readable by everyone is usually insecure. I realise that isn't really a problem for stylesheets and images, but it certainly can be for plugins which can contain sensitive configuration info. So I leaned towards security instead of usability here, maybe that was a mistake.