[pmwiki-users] umask'ing wiki.d
Patrick R. Michaud
pmichaud at pobox.com
Mon Jan 31 09:23:01 CST 2005
On Tue, Feb 01, 2005 at 03:46:07AM +1300, Robin wrote:
> > umask(007);
> ITYM umask(027), that did the trick, cheers.
> (with 007 it makes the permissions 660)
Yours is a somewhat special case, since you apparently have root
privileges. In the general case a wiki administrator will want
to use 007, because they'll want the files to end up with 660
permissions if they're to have any hope of removing or
manipulating the files in wiki.d. :-)
For example, here's how things are set up on pmwiki.org when
umask is set to 007:
perms owner group
pmwiki/ drwxr-xr-x pmichaud pmichaud
pmwiki.php -rw-r--r-- pmichaud pmichaud
wiki.d/ drwxrws--- apache pmichaud
Main.HomePage -rw-rw---- apache pmichaud
Main.WikiSandbox -rw-rw---- apache pmichaud
Profiles.Pm -rw-rw---- apache pmichaud
These settings allow the webserver (apache) and me (pmichaud) to be
able to access and manipulate the files in wiki.d/, while denying
access to other users on the same system. Here you can see the
advantage of having the setgid bit on wiki.d/, causing all of the
page files to be the same group as wiki.d/ (pmichaud).
Without that setgid bit, things would end up looking like this:
perms owner group
pmwiki/ drwxr-xr-x pmichaud pmichaud
pmwiki.php -rw-r--r-- pmichaud pmichaud
wiki.d/ drwxrwxrwx pmichaud pmichaud
Main.HomePage -rw-rw-rw- apache apache
Main.WikiSandbox -rw-rw-rw- apache apache
Profiles.Pm -rw-rw-rw- apache apache
The files have to be 666 permissions so that pmichaud can delete
and manipulate them. Unfortunately this means that any other user
logged into the system could do so as well, but I don't know of a
good way around this given Apache's current execution model. (BTW,
this is an issue for all CGI scripts on a shared webhost, not just
PmWiki.)
Pm
More information about the pmwiki-users
mailing list