[Vtigercrm-developers] Linux file permissions...
Alan Lord
alanslists at gmail.com
Wed Mar 27 11:58:13 GMT 2013
<rant>
Dear vtiger devs please can you stop using 777 whenever you
programmatically install a new file or directory?
This is *really* bad practice.
When a custom module is installed via the module manager everything is
set to 777 which means that every file and directory is
read/write/execute for *any* user.
I just looked at the code for the vtiger end of the Exchange Connector
before installing it on a customer's system and there is "if
(!is_dir($dir)) mkdir($dir, 0777, true);"
Normal practice for POSIX would be:
1. Directories within the vtiger tree should be 755 (rwxr-xr-x)
which prevents writing by anyone other than apache - the file owner.
2. .php files should be 644 (rw-r--r--) which makes them read-only for
everyone but apache (the file owner) and not executable by anything.
Ideally most files and directories should not even be writeable by
apache. But they certainly do not need to be executable.
In my opinion this is just really shoddy and lazy. It is also very bad
from a security perspective.
Alan
PS: On Windows I really do not care what you do - We do not use Windows
because of this kind of thing. On Posix systems we have a proper file
system with a proper permission architecture for a very good reason...
</rant>
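
A shell audit for the modes listed in the message above, added here as an example; it is not part of the original post or of vtiger's code. The function names and the sample tree (`modules/Demo/Demo.php`) are constructed for illustration, and ownership is left unchanged.

```shell
#!/bin/sh
# Added example: find and correct world-writable entries in a web tree.
# All names below are hypothetical; the sample tree is constructed.

# Print every file or directory writable by "other" (777, 666, 757, ...).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Same check as a number, convenient for monitoring or a CI gate.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Apply the modes from the message: directories 755, files 644.
# Assumption: nothing in the tree needs its execute bit (no CLI scripts).
# Symlinks are skipped because -type f / -type d do not match them.
normalise_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a constructed tree that mimics what mkdir($dir, 0777, true)
# plus a 777 file install leaves behind. Prints the tree's root path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/modules/Demo"
    printf '<?php\n' > "$root/modules/Demo/Demo.php"
    chmod 777 "$root/modules" "$root/modules/Demo" \
              "$root/modules/Demo/Demo.php"
    printf '%s\n' "$root"
}
```

Source the file, run `list_world_writable` against the install directory to review what a module installer left behind, then `normalise_perms` once the list has been checked.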