New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make default chmod permissions configureable for files and directories #10789
Comments
This change fixes our problems. sed -i 's/075/077/' core/Filesystem.php The the feature request would be to make default permissions configureable: 600 as default for files can be changed to 660. |
I think it may be good to have a config setting for this. Background: For some users it is a problem to set permissions by default to |
@xrow I'm not sure whether you are familiar with patching files. I have issued a PR for this here: https://github.com/piwik/piwik/pull/10812/files could you try to apply the changes to your server and then set the config entry I cannot promise that this PR would be merged as it is not really good to have |
You are totally right. I think the problem is actually that we do not try |
In other system I know they try to solve it by making the mask configurable for directories and files. For my scenario I would need 770 and 660 as mentioned. Is it a good idea to implement this as a feature? |
it may be a good idea to solve it with configurable mask. |
Hi, this is quite straight forward and simple. Have a look. https://github.com/ezsystems/ezpublish-legacy/blob/master/settings/site.ini#L970 Again... You need one mask for directories and one mask for files. |
I just experienced files/directories ownership issues and if think my use case might be related to this discussion. Rather than using FTP, I manage web files using ssh, therefore with my own user id. Since I need files to be readable/writable by both my user and www-data, I created a dedicated group. All files/directories belong to that group, thanks to the SUID bit on the parent directory. When piwik writes files/directories, however (session files, software updates), it does not give group write privilege, so my user can't modify / delete them. In other words, once the parent dir is configured with the SUID bit, my user can install and run piwik without root privileges, but at some point, it can get locked out and need root privileges to delete piwik. Maybe I shouldn't be doing this in the first place. I didn't find any alternative. Please excuse me if this is irrelevant. |
@lafrech This is a relevant question and has become an issue when updating. Fetching new files creates them as one user, but the webserver is another. Is it assumed the webserver and the either zip downloader or git user will be the same and it's ok the webserver can access everything? |
Hi,
we had been working with piwik for some time now and we always had issues with permissions. We solved it by having the cron and webtraffic on different servers.
I was looking lately at this line. It seems that 750 seem too restricted by default since cron and webserver user need to write into the tmp dir.
https://github.com/piwik/piwik/blob/3.x-dev/core/Filesystem.php#L450
My proposal is to change to 0770. So that group apache/webserver can write too. That group is also the group of the cron user. I would hope/assume that would be also be a valid setup.
Other then that I am not sure how i can solve the issues that webserver and cron are different users.
The text was updated successfully, but these errors were encountered: