checksetup.pl should fixPerms the Bugzilla directory

RESOLVED FIXED in Bugzilla 3.0

Status

()

P3
normal
RESOLVED FIXED
14 years ago
12 years ago

People

(Reporter: Wurblzap, Assigned: mkanat)

Tracking

2.19.2
Bugzilla 3.0
Bug Flags:
blocking2.22 -
blocking2.20 -

Details

(Whiteboard: [fixed by blocker])

Attachments

(1 attachment)

(Reporter)

Description

14 years ago
I'm talking about the directory Bugzilla is installed in, not the Bugzilla
subdirectory of it.

I think checksetup.pl should give the right permissions to the Bugzilla
directory so that it is neither too open (rwxrwxrwx -- giving full access to
local users) nor too protected (rwx------ -- possibly giving no access to the
web server).
(Reporter)

Updated

14 years ago
Flags: blocking2.20?
This makes sense.  It's a FAQ, even. :)
Flags: blocking2.20? → blocking2.20+
Target Milestone: --- → Bugzilla 2.20
(Assignee)

Comment 2

14 years ago
Yeah, that does make sense. There's a larger chance that that will fail to
actually work (because the /var/html/www directory perms might not let me change
the Bugzilla directory perms), but it's still a good thing to attempt to do.

I'd guess that the perms should be... 750? Or if we don't have a good
webservergroup, then 755.
Assignee: zach → nobody
"If it's not a regression from 2.18 and it's not a critical problem with
something that's already landed, let's push it off." - Dave
Flags: blocking2.20+
Whiteboard: [wanted for 2.20]
Flags: blocking2.20-
(Reporter)

Comment 4

13 years ago
This has Myk's [wanted for 2.20] stamp on it -- requesting blocking2.22.
Flags: blocking2.22?
I'll take this for both 2.20 and 2.22 if someone does it (before we branch for 2.22), but I won't hold the release for it.
Flags: blocking2.22? → blocking2.22-
Whiteboard: [wanted for 2.20]

Comment 6

13 years ago
Created attachment 203892 [details] [diff] [review]
Fix permissions on "."

Call fixPerms on "." during the rest of the permissions checking.

Updated

13 years ago
Attachment #203892 - Flags: review?(mkanat)

Comment 7

13 years ago
Comment on attachment 203892 [details] [diff] [review]
Fix permissions on "."

>+        fixPerms('.', $<, $webservergid, 027, 1);

If we pass '.' to fixPerms(), then the perms for .htaccess will be automatically set, right? Then we could remove the line fixing .htaccess separately.
(Assignee)

Comment 8

13 years ago
(In reply to comment #7)
> If we pass '.' to fixPerms(), then the perms for .htaccess will be
> automatically set, right?

  No, I don't think so... why would that happen?
(Reporter)

Comment 9

13 years ago
Comment on attachment 203892 [details] [diff] [review]
Fix permissions on "."

You're handing 1 as do_dirs parameter to fixPerms, which makes it steamroll over all permissions that have been finely tuned in the preceding lines. Don't do that :)

I think that the do_dir parameter should be 0. (Comment 7 doesn't apply anymore then, so the .htaccess fixPerms call needs to stay.)
Attachment #203892 - Flags: review?(mkanat) → review-
(Reporter)

Comment 10

13 years ago
Mike, are you willing to take another stab at this?

Comment 11

13 years ago
Unfortunately not in the short term, sorry.
(Assignee)

Updated

13 years ago
Priority: -- → P3

Comment 12

13 years ago
Only security and dataloss fixes will be accepted on the 2.20 branch.
Assignee: nobody → installation
Target Milestone: Bugzilla 2.20 → Bugzilla 2.22
(Assignee)

Comment 13

12 years ago
It's really easy to fix this while I'm writing bug 346552, so I'm doing it there, for the tip.
Depends on: 346552
Whiteboard: [blocker will fix on tip]
(Assignee)

Updated

12 years ago
Whiteboard: [blocker will fix on tip] → [blocker fixed it on tip]
(Reporter)

Comment 14

12 years ago
I for one wouldn't mind setting this bug's target milestone to 2.24 and marking it FIXED.
(Assignee)

Comment 15

12 years ago
Okay, sounds good to me. :-) Fixed by blocker.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
Whiteboard: [blocker fixed it on tip] → [fixed by blocker]
Target Milestone: Bugzilla 2.22 → Bugzilla 3.0
(Reporter)

Updated

12 years ago
Assignee: installation → mkanat
You need to log in before you can comment on or make changes to this bug.