Mahara

Dangerous advice for shared hosting in config-defaults.php

Bug #911538 reported by François Marier
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Hugh Davenport
Mahara 1.5.0

Bug Description

In htdocs/lib/config-defaults.php, we currently have the following:

  // directorypermissions - what permissions to use for files and directories in
  // dataroot. The default allows only the web server user to read the data. If
  // you're on shared hosting and might want to download the contents of your
  // dataroot later (e.g. for backup purposes), set this to 0777. Otherwise,
  // leave it as is!
  //$cfg->directorypermissions = 0700;

I don't see a reason for the 0777 recommendation. That should probably be a 0755.

Tags: security
Revision history for this message
Hugh Davenport (hugh-davenport) wrote :

 https://reviews.mahara.org/1006

Changed in mahara:
assignee: nobody → Hugh Davenport (hugh-catalyst)
status: Triaged → In Progress
Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/1006
Committed: http://gitorious.org/mahara/mahara/commit/9c5d33b7907fe31568659618c2673029e321e9e1
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit 9c5d33b7907fe31568659618c2673029e321e9e1
Author: Hugh Davenport <email address hidden>
Date: Wed Jan 25 12:12:09 2012 +1300

    Change recommendation of dir perms from 777 to 755

    Bug #911538

    Change-Id: I10cfdb5f08e1e04f0e76b37d5937eed0a123a092
    Signed-off-by: Hugh Davenport <email address hidden>

François Marier (fmarier)
Changed in mahara:
status: In Progress → Fix Committed
Melissa Draper (melissa)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.