[pmwiki-users] Permission troubles

Joachim Durchholz jo at durchholz.org
Sun Apr 24 10:27:20 CDT 2005


Patrick R. Michaud wrote:

> On Sun, Apr 24, 2005 at 03:13:59PM +0200, Joachim Durchholz wrote:
> 
>>I'm now doing not only
>>  chmod ugo+x `find -name "*.php"`
>>(to make the PHP scripts executable, so that they will work as CGI) but also
>>  chmod go-w `find -name "*.php"`
>>to make it palatable for suEXEC, as part of my PmWiki install routine.
>>
>>However, I'd greatly prefer it if the .php files came out of the tarball 
>>with the right permissions. Should I open a PITS issue for that?
> 
> Well, we can take care of it here on the list -- but let me make sure 
> I have all of the permissions correct for all files.  I'm guessing
> that files

Assuming you mean "*.php files" here.

> in the distribution (except pmwiki.php) should have
> rw-r--r-- (644) permissions, all directories should have rwxr-xr-x (755) 
> permissions, and pmwiki.php should be marked as executable with 
> rwxr-xr-x  (755) permissions.

Actually it's enough if it's rwxr--r-- (744).
OTOH it's probably generally a good idea if executable and read bits are 
the same, so rwxr-xr-x is a good choice.
If we ever run into a really paranoid web server, we might consider 
rwxr-x---.

> It doesn't seem to me that the other .php scripts in the distribution
> need execute permissions, as they're not called directly from the 
> webserver anyway (they're always called via include).  

OK - I wasn't sure about that.

> Sound good?  

Yup.

I don't know how this interacts with safe mode though. (I avoid safe 
mode as far as I can - I have seen too many security reports mentioning 
it. But then I'm paranoid myself, as befits an admin for unfirewalled 
servers...)

Regards,
Jo
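
Added example, not part of the original message or of the PmWiki distribution: a POSIX shell sketch that applies the permission scheme agreed in this thread (directories 755, .php files 644, pmwiki.php 755) and then audits the tree for anything that deviates. The function names are hypothetical, and it assumes a freshly unpacked tree with pmwiki.php at its top level.

```shell
#!/bin/sh
# Added example (hypothetical helper names), assuming ROOT is a freshly
# unpacked PmWiki tree with pmwiki.php at its top level.

# apply_pmwiki_perms ROOT
# Directories 755, every .php file 644, then pmwiki.php alone 755.
# find -exec is used so paths containing spaces are handled safely.
apply_pmwiki_perms() {
    root=${1%/}
    [ -f "$root/pmwiki.php" ] || { echo "no pmwiki.php in $root" >&2; return 2; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -name '*.php' -exec chmod 644 {} +
    chmod 755 "$root/pmwiki.php"
}

# audit_pmwiki_perms ROOT
# Prints one line per deviation and returns 1 if any were found.
audit_pmwiki_perms() {
    root=${1%/}
    bad=$(
        # Group- or other-writable files and directories (the go-w
        # condition mentioned for suEXEC in the thread).
        find "$root" \( -type f -o -type d \) \
             \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable-by-group-or-other: /'
        # Include-only scripts that still carry an execute bit.
        find "$root" -type f -name '*.php' ! -path "$root/pmwiki.php" \
             \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
            sed 's/^/needless-exec-bit: /'
        # The one script the web server calls directly must be executable.
        [ -x "$root/pmwiki.php" ] || echo "not-executable: $root/pmwiki.php"
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Run audit_pmwiki_perms on the install directory after unpacking; a non-zero return lists the paths to fix, and apply_pmwiki_perms resets them.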


