Closed Bug 285137 Opened 19 years ago Closed 18 years ago

checksetup.pl should fixPerms the Bugzilla directory

Categories

(Bugzilla :: Installation & Upgrading, defect, P3)

Product:
Bugzilla
Component:
Installation & Upgrading
Version:
2.19.2
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 3.0

People

(Reporter: Wurblzap, Assigned: mkanat)

References

Details

(Whiteboard: [fixed by blocker])

Attachments

(1 file)

Fix permissions on "."
976 bytes, patch
Wurblzap
: review-
Details | Diff | Splinter Review 
I'm talking about the directory Bugzilla is installed in, not the Bugzilla
subdirectory of it.

I think checksetup.pl should give the right permissions to the Bugzilla
directory so that it is neither too open (rwxrwxrwx -- giving full access to
local users) nor too protected (rwx------ -- possibly giving no access to the
web server).
Flags: blocking2.20?
This makes sense.  It's a FAQ, even. :)
Flags: blocking2.20? → blocking2.20+
Target Milestone: --- → Bugzilla 2.20
Yeah, that does make sense. There's a larger chance that that will fail to
actually work (because the /var/html/www directory perms might not let me change
the Bugzilla directory perms), but it's still a good thing to attempt to do.

I'd guess that the perms should be... 750? Or if we don't have a good
webservergroup, then 755.
Assignee: zach → nobody
"If it's not a regression from 2.18 and it's not a critical problem with
something that's already landed, let's push it off." - Dave
Flags: blocking2.20+
Whiteboard: [wanted for 2.20]
Flags: blocking2.20-
This has Myk's [wanted for 2.20] stamp on it -- requesting blocking2.22.
Flags: blocking2.22?
I'll take this for both 2.20 and 2.22 if someone does it (before we branch for 2.22), but I won't hold the release for it.
Flags: blocking2.22? → blocking2.22-
Whiteboard: [wanted for 2.20]
Call fixPerms on "." during the rest of the permissions checking.
Attachment #203892 - Flags: review?(mkanat)
Comment on attachment 203892 [details] [diff] [review]
Fix permissions on "."

>+        fixPerms('.', $<, $webservergid, 027, 1);

If we pass '.' to fixPerms(), then the perms for .htaccess will be automatically set, right? Then we could remove the line fixing .htaccess separately.
(In reply to comment #7)
> If we pass '.' to fixPerms(), then the perms for .htaccess will be
> automatically set, right?

  No, I don't think so... why would that happen?
Comment on attachment 203892 [details] [diff] [review]
Fix permissions on "."

You're handing 1 as do_dirs parameter to fixPerms, which makes it steamroll over all permissions that have been finely tuned in the preceding lines. Don't do that :)

I think that the do_dir parameter should be 0. (Comment 7 doesn't apply anymore then, so the .htaccess fixPerms call needs to stay.)
Attachment #203892 - Flags: review?(mkanat) → review-
Mike, are you willing to take another stab at this?
Unfortunately not in the short term, sorry.
Priority: -- → P3
Only security and dataloss fixes will be accepted on the 2.20 branch.
Assignee: nobody → installation
Target Milestone: Bugzilla 2.20 → Bugzilla 2.22
It's really easy to fix this while I'm writing bug 346552, so I'm doing it there, for the tip.
Depends on: 346552
Whiteboard: [blocker will fix on tip]
Whiteboard: [blocker will fix on tip] → [blocker fixed it on tip]
I for one wouldn't mind setting this bug's target milestone to 2.24 and marking it FIXED.
Okay, sounds good to me. :-) Fixed by blocker.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Whiteboard: [blocker fixed it on tip] → [fixed by blocker]
Target Milestone: Bugzilla 2.22 → Bugzilla 3.0
Assignee: installation → mkanat
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: