[pmwiki-users] Files rewritten at world-writable
Daphne Tregear
daf at cs.man.ac.uk
Mon Jul 18 11:47:14 CDT 2005
>>>>> "Patrick" == Patrick R Michaud <pmichaud at pobox.com> writes:
Patrick> Normally one doesn't use setgid permissions (rws) if the
Patrick> directory is in "nogroup". Usually we would make sure
Patrick> that the directory has the same group as the account
Patrick> owner (i.e., the same group as the parent), and then use
Patrick> setgid. This will ensure that all files in wiki.d/ and
Patrick> uploads/ have the same group membership as the account
Patrick> holder, and then PmWiki doesn't add any world
Patrick> permissions.
Thank you very much. I didn't pick that up from the docs.
Patrick> No, the files don't need world write permission for
Patrick> PmWiki to work.
Excellent!
Patrick> But given the configuration you have
Patrick> above one would need world write permission in order for
Patrick> the account holder (the account that installed PmWiki) to
Patrick> be able to remove/rename the files in wiki.d/ .
Not if one has root permission everywhere ;->
Patrick> So, PmWiki adds the world write permissions in order to
Patrick> preserve the account holder's ability to access those
Patrick> files. This ends up being the right choice in most
Patrick> situations -- otherwise the account holder needs special
Patrick> scripts available to do it for them.
Fine. Now I understand.
Patrick> If you change wiki.d/ and uploads/ to have the same group
Patrick> as their parent directory,
Done. And it works.
Patrick> and add the setgid bit (2777)
I just left the setgid bit on wiki.d/ and uploads/ without leaving them
world writable.
Patrick> won't put world write permissions on the directory
Thanks again.
Daf
More information about the pmwiki-users
mailing list