On Mon, Aug 16, 2010 at 5:09 PM, Aaron Toponce <aaron.topo...@gmail.com> wrote: > On Mon, Aug 16, 2010 at 11:27:23AM +1200, Brenda Wallace wrote: >> the installer currently suggests the following: >> Cannot write config file to: /home/brenda/workspace/statusnet >> On your server, try this command: chmod a+w >> /home/brenda/workspace/statusnet >> >> I'd like to change this to >> On your server, try this command: touch >> /home/brenda/workspace/statusnet/config.php; chmod a+w >> /home/brenda/workspace/statusnet/config.php >> (as well as a few other change to support this, they're all in the >> installer.) >> >> This limits the amount of damage a future code bug can do. > > It's a rather poor suggestion to tell the user to 'chmod a+w' anything > on the system. Only the webserver needs write access, along with the > owner of the file. No one else should need write access, especially the > config.php. In fact, the read bit should be removed on that file, if > any.
i agree that changing ownership of the file is more secure, the target audience for this is mostly people who do not have root access on their server. Those who do have root are likely to know to chown files instead. We can word the message to suggest this, but as advice to newbies it's not helpful unless they also have root. -- Kotahi tamaiti, Kotahi rorohiko iti: Aotearoa http://laptop.org.nz _______________________________________________ StatusNet-dev mailing list StatusNet-dev@lists.status.net http://lists.status.net/mailman/listinfo/statusnet-dev
