[pmwiki-users] Files rewritten at world-writable

Daphne Tregear daf at cs.man.ac.uk
Mon Jul 18 11:47:14 CDT 2005


>>>>> "Patrick" == Patrick R Michaud <pmichaud at pobox.com> writes:

    Patrick> Normally one doesn't use setgid permissions (rws) if the
    Patrick> directory is in "nogroup".  Usually we would make sure
    Patrick> that the directory has the same group as the account
    Patrick> owner (i.e., the same group as the parent), and then use
    Patrick> setgid.  This will ensure that all files in wiki.d/ and
    Patrick> uploads/ have the same group membership as the account
    Patrick> holder, and then PmWiki doesn't add any world
    Patrick> permissions.

Thank you very much. I didn't pick that up from the docs.

    Patrick> No, the files don't need world write permission for
    Patrick> PmWiki to work.  

Excellent!

    Patrick> But given the configuration you have
    Patrick> above one would need world write permission in order for
    Patrick> the account holder (the account that installed PmWiki) to
    Patrick> be able to remove/rename the files in wiki.d/ .

Not if one has root permission everywhere ;->

    Patrick> So, PmWiki adds the world write permissions in order to
    Patrick> preserve the account holder's ability to access those
    Patrick> files.  This ends up being the right choice in most
    Patrick> situations -- otherwise the account holder needs special
    Patrick> scripts available to do it for them.

Fine. Now I understand.

    Patrick> If you change wiki.d/ and uploads/ to have the same group
    Patrick> as their parent directory, 

Done. And it works.

    Patrick> and add the setgid bit (2777)

I just left the setgid bit on wiki.d/ and uploads/ without leaving them
world writable.

    Patrick> won't put world write permissions on the directory

Thanks again.

Daf




More information about the pmwiki-users mailing list