[pmwiki-users] Permission troubles
Joachim Durchholz
jo at durchholz.org
Sun Apr 24 10:27:20 CDT 2005
Patrick R. Michaud wrote:
> On Sun, Apr 24, 2005 at 03:13:59PM +0200, Joachim Durchholz wrote:
>
>>I'm now doing not only
>> chmod ugo+x `find -name "*.php"`
>>(to make the PHP scripts executable, so that they will work as CGI) but also
>> chmod go-w `find -name "*.php"`
>>to make it palatable for suEXEC, as part of my PmWiki install routine.
>>
>>However, I'd greatly prefer it if the .php files came out of the tarball
>>with the right permissions. Should I open a PITS issue for that?
>
> Well, we can take care of it here on the list -- but let me make sure
> I have all of the permissions correct for all files. I'm guessing
> that files
Assuming you mean "*.php files" here.
> in the distribution (except pmwiki.php) should have
> rw-r--r-- (644) permissions, all directories should have rwxr-xr-x (755)
> permissions, and pmwiki.php should be marked as executable with
> rwxr-xr-x (755) permissions.
Actually it's enough if it's rwxr--r-- (744).
OTOH it's probably generally a good idea if executable and read bits are
the same, so rwxr-xr-x is a good choice.
If we ever run into a really paranoid web server, we might consider
rwxr-x---.
> It doesn't seem to me that the other .php scripts in the distribution
> need execute permissions, as they're not called directly from the
> webserver anyway (they're always called via include).
OK - I wasn't sure about that.
> Sound good?
Yup.
I don't know how this interacts with safe mode though. (I avoid safe
mode as far as I can - I have seen to many security reports mentioning
it. But then I'm paranoid myself, as befits an admin for unfirewalled
servers...)
Regards,
Jo
More information about the pmwiki-users
mailing list