Petko Yotov wrote: (BTW sorry to all for my triple posting during the mailing list hiccup)
[...] >I assume that on some installations, one can have the FTP account, the the >PHP CGI/FastCGI process and the HTTP server all 3 different owners, and if >the server doesn't have read permissions, visitors will see the error 403 >forbidden. I know two hosters running Apache under one single account per server, therefore files processed by Apache need "group" (df.eu) or "other"(variomedia.de) permissions. http://www.df.eu/de/service/df-faq/webhosting/weitere-technische-faq/rechtevergabe/ At both hosters, PHP runs under the customers account, therefore only "owner" permissions are required for everything processed by PHP. [...] >Patrick, do you think this second argument should be made modifiable by a >wiki admin? And should it be 0444 by default or O? I would appreciate this. Where I use $EnableDirectDownload=0;, I don't need to add permissions for group or other. And we also should think about _removing_ permissions, see below! >The function fixperms() is only called with a second argument from >upload.php. This second argument was added in version 2.0.devel27 (25- >Nov-2004). > >> > BTW: There is no "fixperms" for "Mini" thumbnails. > >Both Thumblist and Mini don't use the fixperms() function for the >thumbnails. Indeed, since 2006, nobody has told me there was a problem with >permissions. But also, both recipes provide a way to remove the thumbnails >from within the wiki with ?action=purgethumbs so probably nobody needed >this, ever. There seem to be default permissions for files created by PHP, and they differ among hosting providers. I found 0640 and 0664 permissions for Mini thumbs. The latter is nonsense IMNSHO, I already asked the hosting provider how I can change it. Files uploaded by PmWiki got 0664 in all three cases - fixperms adds unneeded group write (and read) permissions even if PHP runs under the customers account. If I understand correctly, other customers on the same server can therefore not only read files written by PmWiki but also write them if they can guess the file path. Oliver -- Oliver Betz, Muenchen (oliverbetz.de) _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
