Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider changing the default dir and file permissions and/or use of umask #55

Open
michaellenaghan opened this issue Jun 8, 2022 · 3 comments
Open

Consider changing the default dir and file permissions and/or use of umask #55

michaellenaghan opened this issue Jun 8, 2022 · 3 comments
Labels
enhancement New feature or request

Comments

@michaellenaghan
Copy link

There are two main approaches to giving the web server access to files. I'm not sure the details are relevant. What is, I think, is this. While trying them out, I kept losing control of the files Automad was creating.

I tracked it down to this:

		// PERMISSIONS
		self::set('AM_PERM_DIR', 0755);
		self::set('AM_PERM_FILE', 0644);

Automad is using too-restrictive permissions.

The good news — very good news! — is that I was able to change the defaults by adding them to my config.php. (One quirk: config.php uses JSON syntax, and JSON doesn't support octal notation; I had to convert the permissions to decimal. That feels... very strange.)

The odd thing is that Automad also sets the umask. I don't think that's right? I think the right thing is a) setting "maximum" permissions and then b) combining them with the user's umask. Without changing the user's umask. That way the user effectively chooses the permissions.

If you take a look at Symfony, you can see that they always use 0777 for directories and 0666 for files, so I think that's right. But if you like I can go looking for further (and more definitive) evidence.
@michaellenaghan michaellenaghan changed the title Consider changing the default dir and file permissions and/or umask Consider changing the default dir and file permissions and/or use of umask Jun 8, 2022
@michaellenaghan
Copy link
Author

Let me know if you'd like me to tackle this.

@marcantondahmen
Copy link
Owner

At moment the configured permissions are enforced by ignoring the umask and setting it temporarily to 0. But I understand it also somehow makes sense to respect the existing umask. I will take a look at it.

@marcantondahmen marcantondahmen added the enhancement New feature or request label Jun 11, 2022
@michaellenaghan
Copy link
Author

As with issue #54, I have to say that this is not about opinion, it's about the right and wrong way to do things.

I know that you don't know me, and that I don't have any authority in your eyes. That's why I keep taking the time to look at established PHP frameworks and products, why I keep including links to them.

At the start of this thread I gave you links that showed Symfony works in a way that's consistent with what I suggested.

This is the one and only place Kirby, another flat-file CMS, calls mkdir. Note there's no permissions. That makes sense to me, because the default for directories is 0777.

This is the one and only place Kirby writes files. Again, there's no permissions. That makes sense to me, because the default for files is 0666.

Unix systems work a certain way. They expect apps to work a certain way. You have to work in line with expectations.

Note that there are times where you should be more specific with permissions. For example, you might not want to create accounts.php with the default 0666 permissions. Again, though, you'd be thinking about the maximum reasonable permissions for that file, and you'd let the user's umask reduce that further.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michaellenaghan @marcantondahmen