[pmwiki-users] pmwiki upload 'world write' always set

Patrick R. Michaud pmichaud at pobox.com
Thu Apr 26 14:40:45 CDT 2007


On Thu, Apr 26, 2007 at 02:30:09PM -0400, Ben Wilson wrote:
> I'm just trying to condense the commands needed to do Pm's fix for
> those who may want to put this into a shell script. You may not need
> the sudo, but in case you do I provide them.
> 
> chown -R (webuser) wiki.d uploads
> sudo chmod 2775 wiki.d uploads
> find wiki.d -type f|xargs sudo chmod 664
> find uploads -type f|xargs sudo chmod 664

Actually, this isn't exactly what I wrote, as I was
talking about group ownerships (chgrp) and not file ownerships
(chown).  And my solution was actually somewhat tailored to
the setup given in the original problem.

The minimum steps would be (assuming a reasonably 
recent chgrp(1) command):

    chgrp -R --reference=wiki.d/.. wiki.d
    chown -R (webuser) wiki.d
    chmod 2775 wiki.d

Optional -- to remove world write permissions of any existing
files in wiki.d, one can also do:

    chmod -R ug+rw,o-w wiki.d

This step is optional because as each page is updated in wiki.d/ ,
PmWiki will create the new versions with the correct ownerships and
permissions.

Many (all?) of the above commands may require superuser privileges.
Most Unix/Linux systems restrict file ownership changes to superusers.

All of the above assume that PHP isn't running with safe_mode
enabled.  If safe_mode is enabled, then wiki.d/ must be
owned by the same account as the owner of the pmwiki.php
script, and it must have world write permissions.

If PHP is already configured to run scripts under the account
that owns the pmwiki.php script, then everything should already
be running without world write permissions and no special
changes are necessary.

Thanks!

Pm
> On 4/26/07, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > On Wed, Apr 25, 2007 at 06:24:38PM -0500, Paul Carew wrote:
> > > Hello Patrick,
> > > Thanks for the reply. The files ends up being owned by 'apache'. We have
> > > added apache to the 'webadmin' group (the owner of the web directory tree
> > > that contains the pmwiki). We had to do this so that apache could 'write'
> > > the file in the first place.
> >
> > If you followed the standard PmWiki installation steps,
> > you shouldn't have needed to add apache to the 'webadmin'
> > group.  So, something else occurred here.
> >
> > My suggestion at this point would be to do the following:
> >
> > 1.  Make sure you have pmwiki.php without any modifications.
> >
> > 2.  Make sure the group ownership of wiki.d/ and its parent
> >     directory is 'webadmin' .
> >
> > 3.  Change the permissions on wiki.d/ to be 2775.  This will
> >     cause the directory to have rwxrwsr-x permissions.  Any
> >     files created in this directory will end up being in
> >     the 'webadmin' group, which means that the webadmin
> >     account will still be able to manipulate the files.
> >
> > 4.  Change the group ownership of any existing files in wiki.d/
> >     to be 'webadmin', and set all of the files to have 664
> >     (rw-rw-r--) permissions.
> >
> > That should eliminate the need for world write permissions
> > on files in wiki.d/ .  If you have uploads enabled, you'll
> > want to do a similar process for the uploads/ directory
> > and any of its subdirectories.
> >
> > Doing the above brings you to the same configuration that
> > would occur by following step 3b in PmWiki's installation
> > instructions ( http://www.pmwiki.org/wiki/PmWiki/Installation ).
> >
> > Hope this helps,
> >
> > Pm
> >
> > >
> >
> > _______________________________________________
> > pmwiki-users mailing list
> > pmwiki-users at pmichaud.com
> > http://www.pmichaud.com/mailman/listinfo/pmwiki-users
> >
> 
> 
> -- 
> Ben Wilson
> "Words are the only thing which will last forever" Churchill
> 
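Added example, not part of the original thread: a read-only shell audit for a wiki.d or uploads tree that checks the three conditions discussed above (setgid bit on the directory, leftover world-writable entries, entries outside the directory's group). The function names are assumptions made for this example; the script changes no permissions.

```shell
#!/bin/sh
# Added example: read-only audit of a PmWiki data directory (wiki.d or uploads).
# Function names are hypothetical; nothing here modifies the tree.

# List everything under $1 that is still world-writable. Symlinks are
# skipped because their own mode bits are not used for access checks.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Succeed only if directory $1 itself carries the setgid bit (the "2" in
# 2775), which makes new files inherit the directory's group.
has_setgid() {
    [ -n "$(find "$1" -prune -type d -perm -2000 -print)" ]
}

# List entries under $1 whose group differs from the group of $1 itself.
group_mismatch() {
    gid=$(ls -ldn -- "$1" | awk '{print $4}')   # numeric gid of the top directory
    find "$1" ! -group "$gid" -print
}

# Print one line per finding; exit status 0 means the tree is clean.
audit_tree() {
    rc=0
    has_setgid "$1" || { echo "missing setgid: $1"; rc=1; }
    out=$(world_writable "$1" | sed 's/^/world-writable: /')
    [ -z "$out" ] || { echo "$out"; rc=1; }
    out=$(group_mismatch "$1" | sed 's/^/wrong group: /')
    [ -z "$out" ] || { echo "$out"; rc=1; }
    return "$rc"
}

# Stand-alone use: sh audit.sh wiki.d
[ $# -eq 0 ] || audit_tree "$1"
```

Run it before and after the chgrp/chmod steps; a non-zero exit status after the fix means some entry still has the old group or mode.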


