Today I set about taking advantage of pair.com's option for PHP scripts to run as the user who owns them.
Should be simple enough: set that up per Pair's knowledge base article, then call umask(0077) from config.php. Boom, no more nasty permissions. However, it didn't work: the cache folder kept getting recreated with inappropriately generous permissions. I discovered code in Symonfy's cache/sfFileCache.class.php which forces the umask to zero, forces directory permissions to 777, and forces file permissions to 666. This code is not parameterized in any way so this stuff happens whether you like it or not. Oops! This would allow other shared hosting companies to replace your code with hostile PHP. I have opened a ticket on this and submitted my own modified sfFileCache.class.php which can accept parameters to disable the umask calls and use different permissions for directories and files. You can read the ticket here: http://trac.symfony-project.org/ticket/4412 I have to emphasize that none of this will do you any good if you deploy Symfony in a shared hosting environment that runs PHP scripts as "nobody." But if your host allows setuid PHP scripts, this is the right way to make Symfony compatible with that. I'm still seeing some too-permissive permissions on files uploaded by the admin generator and/or FCK, but I haven't fully investigated these issues yet. -- Tom Boutell www.punkave.com www.boutell.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
