[pmwiki-users] Security breach?

Rogutės rogutes at googlemail.com
Mon Dec 22 16:13:30 CST 2008


adam overton (2008-12-22 13:00):
> 
> hi, is this true?
> 
> > Either way, don't set
> > anything to 777.
> 
> 
> b/c the installation instructions for pmwiki (http://pmwiki.org/wiki/ 
> PmWiki/Installation) say setting uploads and wiki.d to 777. should  
> they be 775 instead? just wondering if there's any consensus on this  
> before i go start twiddling, changing permissions...
> 
> thx
> adam


When starting with a clean PmWiki installation and navigating to
pmwiki.php, one is greeted with this rather familiar error message:
"PmWiki needs to have a writable $dir/ directory before it can continue."
and an explanation how to set appropriate permissions for wiki.d/. Two
suggestions are provided by Pm:
1. Chmod wiki.d to 777.
2. Chmod wiki.d to 2777 (use the setguid bit), reload and chmod it to
   whatever it was before.

The second option is said to lead to "a slightly more secure
installation", but it is only displayed (and usable) if PHP safemode is
turned off.

Refer to pmwiki.org for explanations:
http://pmwiki.org/wiki/PmWiki/FilePermissions

Anyway, this kind of security (hiding of world writable directories to
other users) should be provided by the ones selling shared hosting
services.


--  Rogutės



More information about the pmwiki-users mailing list