File permissions in PHP Apache mode #1654

Closed
philmck opened this issue Aug 27, 2010 · 6 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc. wontfix If you can reproduce this issue, please reopen the issue or create a new one describing it.

@philmck

philmck commented Aug 27, 2010

When installed on a server that runs PHP in "Apache" mode (rather than "CGI" mode), temporary files created by Piwik (e.g. in /tmp/sessions) are created with default permissions of 600, which means they can't be subsequently written or modified by Piwik. They need permissions of at least 606 on this sort of server - i.e., publicly writeable.

This is such an obvious problem I can't believe it hasn't been reported, yet I haven't been able to find it (humble apologies therefore if it's a duplicate). Piwik is so close to being an excellent utility, and so close to v1.0 now it seems a pity to let this go.

The workaround implemented by my hosting company is to set up a cron job to periodically CHMOD all files in /tmp to be writeable, but this is a bit of a kludge.

@robocoder
Contributor

I already have plans to add a system check at installation.

In the meantime... your change might be considered a security vulnerability, i.e., locally exploitable session file hijacking.

Try chmod -R apache /your/piwik/folder

@robocoder
Contributor

Sorry... I meant chown (not chmod).

@philmck
Author

philmck commented Aug 28, 2010

Sadly, I can't chown files, I'm on shared hosting. My provider claims the alternatives are even less secure and wouldn't allow it anyway - there are arguments both ways, I know.

Glad to hear there are plans to address this, anyway. I defected to Google analytics for a while because of this, but it's just not the same.

@robocoder
Contributor

If you were on a dedicated host, you could set apache's umask instead of using the hackish cron job. But on shared hosting, making your files world-writeable is a bad idea.

Your provider evidently hasn't heard of using phpsuexec for php-cgi (php runs under your user ID), or using php-fpm (which allows workers to be started with a different uid/gid or php.ini).
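
The permission trade-off discussed in this thread, as an added example that is not part of the original comments or of the Piwik code: a shell audit that lists files with any permission bit set for "other", comparing a 077 umask against the 606 result of the cron workaround. The function names, file names and scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PHP session/tmp directory for files that other
# local accounts can touch. All paths and file names are constructed.

# Print regular files under $1 with any read/write/execute bit set for "other".
world_accessible_files() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of such files (0 is the goal on a shared host).
count_world_accessible() {
    world_accessible_files "$1" | wc -l | tr -d ' '
}

# Create an empty file $1/$2 the way a process running with umask $3 would.
# The subshell keeps the umask change from leaking into the caller.
create_with_umask() {
    ( umask "$3" && : > "$1/$2" )
}

# Demonstration in a scratch directory.
scratch=$(mktemp -d)
create_with_umask "$scratch" sess_umask077 077   # 600: owner only
create_with_umask "$scratch" sess_umask000 000   # 666: everyone can read/write
: > "$scratch/sess_cron_chmod"
chmod 606 "$scratch/sess_cron_chmod"             # the cron workaround's result

echo "world-accessible files: $(count_world_accessible "$scratch")"
world_accessible_files "$scratch" | while IFS= read -r f; do
    ls -l "$f"
done
rm -rf "$scratch"
```

Pointing `world_accessible_files` at a real tmp or sessions directory gives the list of files that any other account on the same host could read or overwrite.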

@anonymous-matomo-user

I'd like to confirm this issue. I need to make FTP backups of my whole project folder, and my FTP client stops working when it encounters those files that are only readable by the owner.

@robocoder
Contributor

gerritvanaaken: please use the forum for further followup (instead of commenting on a closed ticket). You can safely ignore files in the tmp folder when ftp-ing.

@philmck philmck added this to the Piwik 1.0 milestone Jul 8, 2014
@mattab mattab added the wontfix label Aug 3, 2014
This issue was closed.