Skip to:
Content

Opened 5 years ago

Closed 4 years ago

#1139 closed defect (fixed)

my-templates & my-plugins permissions are 0750 on install

Reported by: chrishajer Owned by:
Milestone: 1.0.3 Priority: normal
Severity: normal Version: 1.0.2
Component: Installation/Upgrade Keywords: has-patch
Cc: ashfame, nightgunner5@…

Description

I installed 1.0 r2294 using svn and the my-plugins and my-templates folders were created with 0750 permissions. The thing that made me investigate was that the screenshot.png was not showing in the admin. I activated the theme anyway but then I was getting a 403 error on the stylesheet so the forum appeared unstyled.

I propose that the my-* folders be shipped with the permissions set to 0755. All the bb- folders have the proper permissions of 0755.

My host is 1&1 Internet.

Attachments (1)

class.bb-install.php.diff (885 bytes) - added by GautamGupta 4 years ago.
Fix the permissions

Download all attachments as: .zip

Change History (12)

comment:1 sambauers5 years ago

This really depends on how the host is setup. On shared hosts Having your files readable by everyone is usually insecure. I realise that isn't really a problem for stylesheets and images, but it certainly can be for plugins which can contain sensitive configuration info. So I leaned towards security instead of usability here, maybe that was a mistake.

comment:3 _ck_5 years ago

This is part of the big problem with making any kind of directory via PHP.

It's a big can of worms which 0.9 didn't have because it didn't make anything.

Not only are the permissions a problem, the user you are creating the directory with is owned by PHP, which on many systems = nobody = root

So if the user tries to delete the directory later via FTP, they may not be able to, because FTP will be a user with lower permissions that root/nobody.

One day bbPress will have the same FTP class that WordPress does and then you can create directories via FTP instead and the proper use and permissions will be automatically set.

comment:4 sambauers5 years ago

  • Milestone set to 1.0.2

comment:5 sambauers5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [2327]) Create directories using softer permissions. Fixes #1139

comment:6 ashfame5 years ago

  • Cc ashfame added
  • Resolution fixed deleted
  • Status changed from closed to reopened

The directories are still being created with 750 permissions & not 755. I tested it twice via SVN installs

comment:7 Gautam Gupta4 years ago

  • Component changed from Front-end to Installation/Upgrade
  • Milestone changed from 1.0.2 to 1.0.3

comment:8 Nightgunner54 years ago

  • Cc nightgunner5@… added
  • Priority changed from low to normal
  • Severity changed from minor to normal

GautamGupta4 years ago

Fix the permissions

comment:9 GautamGupta4 years ago

  • Keywords has-patch added; permissions chmod removed
  • Summary changed from my-templates my-plugins permissions incorrectly 0750 to my-templates & my-plugins permissions are 0750 on install
  • Version changed from 1.0 to 1.0.2

comment:10 chrishajer4 years ago

Tested this on a svn installation and folders are created with the correct permissions and ownership. I don't think it would matter if it were a zip/gz installation, because the folders are not included, the are created upon installation.

I will commit this.

comment:11 chrishajer4 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [2403]) Set 0755 folder permissions for my-templates and my-plugins upon creation. Fixes #1139 props GautamGupta

Note: See TracTickets for help on using tickets.