[Vtigercrm-developers] File Permission in installation package

[Alan Lord (News)]

On 27/08/14 12:33, Uma S wrote:
> Hi Istvan,
>
> I would like to dig in deep with this issue, where file permission in
> installation package in haphazard way.

This has been raised (by me at least) a zillion times before...

On a Linux (POSIX) system there are no files in the vtiger directory 
that EVER need to be executable. Some are actually set as 777 
(rwxrwxrwx) which is a big security issue and just bad practice.

The config file(s) should probably be 640 (rw-r-----) so it is not 
readable by anyone other than the web server process or root and only 
writeable by the web server or root.

Your module installer *always* installs all files as 777. I've raised 
this numerous times in the past.

HTH

Al



>
> /sudo find /home/*user*/public_html/ -type f -exec chmod 644 {} \;
> sudo find /home/*user*/public_html/ -type d -exec chmod 755 {} \;
> sudo chown www-data:www-data -R /home/*user*/public_html/
>
> (if this adjustment was not done I had got server error 500 due to
> important files with chmod 777 )
>
> In my case the user was the ubuntu user.
>
> /
> /By the way, in the vtiger install zip and in the SVN the file access
> setup in full confusion. Some of files in chmod 644, some of files in
> chmod 777 and the directories are also in different and illogical mix. /
>
> Could you please elaborate on this issue. So which will shed more light
> on this. While installing how are you configuring permission for files?
> And what's your expectation about permissions.
>
> --
> With
> Best Regards
> Uma.S
> Vtiger Team
>
>
> _______________________________________________
> http://www.vtiger.com/
>


-- 
Libertus Solutions
http://www.libertus.co.uk