As you are probably aware this is not a new problem in Symfony2 at all. Symfony1 already needed to make cache files and update log files that might involve permissions problems. (And, come to think of it, cloud problems. The cache files are necessary even in production and you can't move the ones for the core stuff to another backend other than files, right?)
But you're right, it's messy and has always been messy. I submitted a patch back in the 1.0 days to make the 666/777 business configurable. (It wasn't a great patch.) Our deployment recommendations have always been to create a single user for both Apache and the command line tasks run on behalf of the website. It amazes me how many admins fight this tooth and nail, seemingly unaware that they have already configured PHP so that it is allowed to call system() anyway! Other solutions generally involve things getting screwed up eventually. You might be using a library like Zend Lucene that doesn't ensure that the directories and folders it creates all share the permissions and group ownership of the parent, etc. Command line tasks never go away, even in production - cron jobs are essential for many purposes. -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to symfony-devs@googlegroups.com To unsubscribe from this group, send email to symfony-devs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
