346552 - Move checksetup's permission-fixing code into a module

Status: RESOLVED FIXED

(Bugzilla :: Installation & Upgrading, enhancement)

Description

[Max Kanat-Alexander]

All of this code will probably go into Bugzilla::Install::Filesystem, and also become much more modular.

Comment 1

[Max Kanat-Alexander]

Attachment: v1

Once again, one of the craziest patches I've ever written.

However, this also allowed me to audit the perms a bit as I went through. Here's what I changed:

* runtests.pl, checksetup.pl, and customfield.pl are now only executable by
  their owner, not by the webserver user.
* We fix the permissions of the bugzilla directory itself.
* We fix the permissions of the docs/ directory so that users can read the 
  html, txt, or pdf  docs if they exist, but so they can't do anything else.
* makedocs.pl can be executed by the owner.
* All CVS directories and all files in them are set to 700.
* The t/ directory is only readable by the owner, not by the web server.

Comment 2

[Max Kanat-Alexander]

Requesting approval directly as module owner. I've tested this pretty well, made sure all the permissions are correct. Possibly there are some very weird edge cases that I've missed, but I think everything looks good and should work right in all cases.

Oh, and the patch also includes a fix for the previous patch (the template-compilation one).

Comment 3

[Max Kanat-Alexander]

Checking in checksetup.pl;
/cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v  <--  checksetup.pl
new revision: 1.528; previous revision: 1.527
done
Checking in Bugzilla/Template.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Template.pm,v  <--  Template.pm
new revision: 1.58; previous revision: 1.57
done
Checking in Bugzilla/Install/Filesystem.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Install/Filesystem.pm,v  <--  Filesystem.pm
new revision: 1.2; previous revision: 1.1
done