Ah, good timing~! I just posted about this subject in the forum today I too think that symfony should put the 'directory and file permission settings' in one spot to make it easy to change for users to change the settings.
Here is the post from the forum: --------------------------------------- Problem is symfony has 'hard-coded' directory & file permission settings of 0777 and 0666 embedded within symfony code. These permission settings can be a security risk (world writable files??) AND, for servers running PHPSUEXEC (which enforces more security), default install of symfony is broken (throws 500 errors). Please see this long thread for more information: http://www.symfony-project.org/forum/index.php/mv/msg/10781/ 43604/ After my 4th upgrade of symfony, I would like now to create a patch to fix this problem with symfony to make it easier for all users to control permissions on directories & files 'built' with symfony, and especially to make symfony work for servers with PHPSUEXEC. Here is what I think could be done, but I need someone more familiar with symfony to check my code, please. And I am not sure exactly how to create a patch! Could someone please work with me on this? In symfony/php_dir/data_dir/symfony/config/constants.php, add the 'constants' for permission settings so that users can easily change these values in one spot and not have to search through code: ... sfConfig::add(array( //directory and file permission settings // possible directory values: 0777, 0775, 0755, 0700 // possible file values: 0666, 0664, 0644, 0600 'sf_directory_perm' => $sf_directory_perm = 0755, 'sf_file_perm' => $sf_file_perm = 0644, // root directory names 'sf_bin_dir_name' => $sf_bin_dir_name = 'batch', 'sf_cache_dir_name' => $sf_cache_dir_name = 'cache', ... Next, to set references to these new 'constants' in all the files where the directory & file permission settings are 'hard-coded'. For instance, in symfony/php_dir/data_dir/symfony/tasks/sfPakeMisc.php, change the original code: (Is this the correct method to use, I hope?) ... /** * fixes permissions in a symfony project * * @example symfony fix-perms * * @param object $task * @param array $args */ function run_fix_perms($task, $args) { $sf_root_dir = sfConfig::get('sf_root_dir'); pake_chmod(sfConfig::get('sf_cache_dir_name'), $sf_root_dir, 0777); pake_chmod(sfConfig::get('sf_log_dir_name'), $sf_root_dir, 0777); pake_chmod(sfConfig::get('sf_web_dir_name').DIRECTORY_SEPARATOR.sfConfig::get('sf_upload_dir_name'), $sf_root_dir, 0777); pake_chmod('symfony', $sf_root_dir, 0777); $dirs = array(sfConfig::get('sf_cache_dir_name'), sfConfig::get('sf_web_dir_name').DIRECTORY_SEPARATOR.sfConfig::get('sf_upload_dir_name'), sfConfig::get('sf_log_dir_name')); $dir_finder = pakeFinder::type('dir')->ignore_version_control(); $file_finder = pakeFinder::type('file')->ignore_version_control(); foreach ($dirs as $dir) { pake_chmod($dir_finder, $dir, 0777); pake_chmod($file_finder, $dir, 0666); } } ... to this: ... /** * fixes permissions in a symfony project * * @example symfony fix-perms * * @param object $task * @param array $args */ function run_fix_perms($task, $args) { $sf_root_dir = sfConfig::get('sf_root_dir'); pake_chmod(sfConfig::get('sf_cache_dir_name'), $sf_root_dir, sfConfig::get('sf_directory_perm')); pake_chmod(sfConfig::get('sf_log_dir_name'), $sf_root_dir, sfConfig::get('sf_directory_perm')); pake_chmod(sfConfig::get('sf_web_dir_name').DIRECTORY_SEPARATOR.sfConfig::get('sf_upload_dir_name'), $sf_root_dir, sfConfig::get('sf_directory_perm')); pake_chmod('symfony', $sf_root_dir, sfConfig::get('sf_directory_perm')); $dirs = array(sfConfig::get('sf_cache_dir_name'), sfConfig::get('sf_web_dir_name').DIRECTORY_SEPARATOR.sfConfig::get('sf_upload_dir_name'), sfConfig::get('sf_log_dir_name')); $dir_finder = pakeFinder::type('dir')->ignore_version_control(); $file_finder = pakeFinder::type('file')->ignore_version_control(); foreach ($dirs as $dir) { pake_chmod($dir_finder, $dir, sfConfig::get('sf_directory_perm')); pake_chmod($file_finder, $dir, sfConfig::get('sf_file_perm')); } } ... This change, replace 0777 with sfConfig::get('sf_directory_perm') and 0666 with sfConfig::get('sf_file_perm'), would need to be done in all files where symfony has hard-coded values. Also, some plugins, such as sfMediaLibrary, also have 'hard-coded' permission settings like this 0777, so authors of plugins would need to be aware of new option for directory & file permissions in sfConfig constants.php. Here are the files where the directory permission settings are hard- coded to 0777 (as of symfony version 1.0.16). Note: symfony 1.1 also has same hard-coded permission settings. symfony/php_dir/data_dir/symfony/tasks/sfPakeUpgrade.php symfony/php_dir/data_dir/symfony/tasks/sfPakeMisc.php symfony/php_dir/symfony/log/sfLogManager.class.php symfony/php_dir/symfony/log/sfLogger/sfFileLogger.class.php symfony/php_dir/symfony/vendor/phing/system/io/FileSystem.php symfony/php_dir/symfony/vendor/phing/system/io/PhingFile.php symfony/php_dir/symfony/vendor/phing/lib/Zip.php symfony/php_dir/symfony/vendor/pake/pakeFunction.php symfony/php_dir/symfony/storage/sfSessionTestStorage.class.php symfony/php_dir/symfony/cache/sfFileCache.class.php symfony/php_dir/symfony/cache/sfSQLiteCache.class.php symfony/php_dir/symfony/request/sfWebRequest.class.php and the files where the file permission setting is hard-coded to 0666: symfony/php_dir/data_dir/symfony/tasks/sfPakeMisc.php symfony/php_dir/symfony/log/sfLogger/sfFileLogger.class.php symfony/php_dir/symfony/cache/sfFileCache.class.php symfony/php_dir/symfony/request/sfWebRequest.class.php I would so appreciate some help with this patch. I think it would be a big improvement to symfony's code. I will listen to any feedback! Thank you for your time. Jill Elaine --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
