https://bugzilla.wikimedia.org/show_bug.cgi?id=49159
Web browser: ---
Bug ID: 49159
Summary: Relax suPHP's paranoia
Product: Wikimedia Labs
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: tools
Assignee: [email protected]
Reporter: [email protected]
Classification: Unclassified
Mobile Platform: ---
A recurring issue for new users seems to be that they need to "take $FILE" as
the tool account after uploading/editing a PHP/CGI/etc. file with their Labs
account for the web access to work.
I think it would be useful to relax suPHP's paranoia a bit. The plan would be:
- If a file is under /data/project/$TOOL/{cgi-bin,public_html}:
- If the file's group is local-$TOOL:
- Execute as user local-$TOOL, group local-$TOOL.
In other words, the check that the file's user is local-$TOOL would be removed.
AFAICS, suPHP doesn't allow such a configuration at the moment (you only seem
to be able to force *all* files in a directory to be executed as a specified
user, but then you lose the "file's group = local-$TOOL" check), so coding is
probably needed.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
