[pmwiki-users] Security breach?
a at plus1plus1plus.org
Mon Dec 22 17:37:28 CST 2008
thanks for the email, but since i'm not a trained web-admin, that
page you sent is simply mystifying, and doesn't seem to say anything
about changing permissions of folders to 775 as Dave suggested.
if pmwiki is so open to multiple levels of users, and what you say is
true, wouldn't the pmwiki documentation somewhere simply say:
step 1: change permissions to 777
step 2: create your directories
step 3: change your permissions back to ___
i don't see anything anywhere on the site that says this in layman's
language. everything else is so clear and straight-forward, but this
huge security issue doesn't say anywhere what to set. and, as stated
in the safe-mode section, if i recall correctly i had to change those
two directories, uploads and wiki.d, to 777 in order to be able to
write into them.
so, following what the pmwiki website seems to say, i've bascially
got everything set to 755 except uploads and wiki.d which are set to
777. if this is not right, can someone (preferably patrick) put
directly in layman's terms what should be the correct settings? i
really don't want to make a drastic move dealing with security
without seeing something in print on the site that says "everything
is going to just fine if ___", know what i mean?
> Message: 3
> Date: Tue, 23 Dec 2008 00:13:30 +0200
> From: Rogut?s <rogutes at googlemail.com>
> Subject: Re: [pmwiki-users] Security breach?
> To: pmwiki-users at pmichaud.com
> Message-ID: <20081222221330.GA7454 at ugu.dokeda.lt>
> Content-Type: text/plain; charset=utf-8
> adam overton (2008-12-22 13:00):
>> hi, is this true?
>>> Either way, don't set
>>> anything to 777.
>> b/c the installation instructions for pmwiki (http://pmwiki.org/wiki/
>> PmWiki/Installation) say setting uploads and wiki.d to 777. should
>> they be 775 instead? just wondering if there's any consensus on this
>> before i go start twiddling, changing permissions...
> When starting with a clean PmWiki installation and navigating to
> pmwiki.php, one is greeted with this rather familiar error message:
> "PmWiki needs to have a writable $dir/ directory before it can
> and an explanation how to set appropriate permissions for wiki.d/. Two
> suggestions are provided by Pm:
> 1. Chmod wiki.d to 777.
> 2. Chmod wiki.d to 2777 (use the setguid bit), reload and chmod it to
> whatever it was before.
> The second option is said to lead to "a slightly more secure
> installation", but it is only displayed (and usable) if PHP
> safemode is
> turned off.
> Refer to pmwiki.org for explanations:
> Anyway, this kind of security (hiding of world writable directories to
> other users) should be provided by the ones selling shared hosting
> -- Rogut?s
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the pmwiki-users