[Vtigercrm-developers] Linux file permissions...

Prasad prasad at vtiger.com
Wed Mar 27 12:16:10 GMT 2013


Noted: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7664

Regards,
Prasad


On Wed, Mar 27, 2013 at 5:28 PM, Alan Lord <alanslists at gmail.com> wrote:

> <rant>
>
> Dear vtiger devs please can you stop using 777 whenever you
> programmatically install a new file or directory?
>
> This is *really* bad practice.
>
> When a custom module is installed via the module manager everything is set
> to 777 which means that every file and directory is read/write/execute for
> *any* user.
>
> I just looked at the code for the vtiger end of the Exchange Connector
> before installing it on a customer's system and there is "if
> (!is_dir($dir)) mkdir($dir, 0777, true);"
>
> Normal practice for POSIX would be:
>
> 1. Directories within the vtiger tree should be 755 (rwxr-xr-x)
> which prevents writing by anyone other than apache - the file owner.
>
> 2. .php files should be 644 (rw-r--r--) which makes them read-only for
> everyone but apache (the file owner) and not executable by anything.
> Ideally most files and directories should not even be writeable by apache.
> But they certainly do not need to be executable.
>
> In my opinion this is just really shoddy and lazy. It is also very bad
> from a security perspective.
>
> Alan
>
> PS: On Windows I really do not care what you do - We do not use Windows
> because of this kind of thing. On Posix systems we have a proper file
> system with a proper permission architecture for a very good reason...
>
> </rant>
>
>
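
A shell audit for the modes discussed in this thread, added here as an example and not taken from the thread or from vtiger's code. The function names are hypothetical and the tree root is whatever path is passed as the first argument.

```shell
#!/bin/sh
# Added example: function names are hypothetical; pass the application root as $1.

# Anything writable by "other": the 777 directories and 777/666 files from the thread.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# .php files with any execute bit set; the interpreter only needs to read them.
executable_php() {
    find "$1" -type f -name '*.php' \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print
}

# Reset to the modes given in the thread: directories 755, .php files 644.
# Other files keep their mode apart from losing the world-writable bit,
# so scripts that are meant to be executable stay executable.
tighten() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -name '*.php' -exec chmod 644 {} +
    find "$1" -type f ! -name '*.php' -perm -0002 -exec chmod o-w {} +
}

# Report only; run tighten separately once the report has been reviewed.
if [ -n "${1:-}" ]; then
    echo "world-writable:";  world_writable "$1"
    echo "executable .php:"; executable_php "$1"
fi
```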

