Add a help text inviting users to set low permissions after auto update #1833
Comments
See also #1590
Anthon wrote: If the directory/file owner and web server user have the same UID, use 0600 for files and 0700 for directories. If not, but the owner and web server user are in the same group, use 0660 for files, and 0770 for directories. Otherwise, use 0666 for files, and 0777 for directories. (If you're on a shared hosting account and have to be this permissive, then I'd probably switch hosting providers.)
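The rule in Anthon's comment, written out as a shell sketch (an added example, not Piwik's code and not part of the original comment). It assumes GNU `stat`, reads "in the same group" as the web server user belonging to the directory's group, and the function names and the `www-data` user in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: pick the least permissive modes per the UID/group rule.

# pick_modes OWNER_UID OWNER_GID WEB_UID "WEB_GIDS"
# Prints "<file_mode> <dir_mode>".
pick_modes() {
    owner_uid=$1 owner_gid=$2 web_uid=$3 web_gids=$4
    # Same UID: only the owner needs access.
    if [ "$owner_uid" = "$web_uid" ]; then
        echo "0600 0700"
        return 0
    fi
    # Web server user is a member of the directory's group: group access.
    for g in $web_gids; do
        if [ "$g" = "$owner_gid" ]; then
            echo "0660 0770"
            return 0
        fi
    done
    # No shared UID or group: world-writable is the only mode that works.
    echo "0666 0777"
}

# modes_for_path PATH WEB_USER
# Looks up the real ids (GNU stat assumed) and applies the rule.
modes_for_path() {
    pick_modes "$(stat -c %u "$1")" "$(stat -c %g "$1")" \
               "$(id -u "$2")" "$(id -G "$2")"
}

# apply_modes PATH FILE_MODE DIR_MODE
# Directories first, so they stay traversable while files are changed.
apply_modes() {
    find "$1" -type d -exec chmod "$3" {} +
    find "$1" -type f -exec chmod "$2" {} +
}

# Usage (hypothetical web user, path relative to the Piwik root):
#   set -- $(modes_for_path tmp www-data)
#   apply_modes tmp "$1" "$2"
```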
Also, there is a problem in that it seems that by default the /tmp/ directory is not protected. For example, demo.piwik.org/tmp/templates_c/ and demo.piwik.org/tmp/templates_c/%25%250D%5E0DB%5E0DBECC49%25%25index.tpl.php are directory disclosures. I guess the easiest way would be to create a blank index.html in each directory? Also, extract from email:
See also other report where the installation was looping for lack of write permissions on the config/ folder. Are they checked properly?
See http://symfony.com/doc/current/book/installation.html for ACL tips on environments that support it
We now give the command to chmod 755. So, I think this ticket is not necessary anymore, since the commands given do not give extra permissions that could be dangerous... Closing as won't fix.
Milestone 1.8.x Piwik 1.8.x deleted
See follow up #5034
When auto update fails, we suggest users to
See code in Piwik.php copy() function, called from CoreUpdater/Controller oneClick_copy function.
The missing bit is that we don't tell users to revert back to less permissive permissions after the auto update was finished.
However, for more security we should do so.
Brain dump: I don't think a simple chmod -R 0644 will do, as piwik/tmp/* needs write access.
What are the exact minimal commands that would be required to set Piwik at the safest working state?