Time to Review default Permission settings on files before Installation process

1 view
Skip to first unread message

Dmitry A.

unread,
Jan 19, 2010, 9:40:07 PM1/19/10
to In-Portal Bugs Team
Hey guys,


I think we should give Permissions topic very serious though. I
believe we'll be better of without requiring before installation 777
(worldwide) permissions on themes/ folder in particular.

I came across this more and more that people forget to turn them off
and in some cases it can lead to a security issue.


What others think on this?


Thanks.

Alexander Obuhovich

unread,
Jan 20, 2010, 3:17:23 AM1/20/10
to in-port...@googlegroups.com
Permission to write into "themes" folder wan't required before 5.0.0 version. The only reason for it is "Design Mode" during site browsing. In that mode administrator can drag-n-drop sideboxes/content boxes on pages to get desired layout and edit template contents using nice editor with HTML/In-Portal tags highlighted. Without that write permission all such operations will fail with error, that they can't save changes, that user have made.


--
You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To post to this group, send email to in-port...@googlegroups.com.
To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.






--
Best Regards,

http://www.in-portal.com
http://www.alex-time.com

Dmitry A.

unread,
Jan 20, 2010, 12:03:23 PM1/20/10
to In-Portal Bugs Team
Yes, I do remember, but I would think that for security measures we
should:

1. NOT to require 777 during the installation + adjust toos/
fix_perm.sh script (to exclude themes/)
2. Somehow indicate on Design and File editing Modes that currently
theme is Read-Only and permissions needs to be changed.

All this would be done to tighten up the security.


Let me know what you think?

DA.


On Jan 20, 2:17 am, Alexander Obuhovich <aik.b...@gmail.com> wrote:
> Permission to write into "themes" folder wan't required before 5.0.0
> version. The only reason for it is "Design Mode" during site browsing. In
> that mode administrator can drag-n-drop sideboxes/content boxes on pages to
> get desired layout and edit template contents using nice editor with
> HTML/In-Portal tags highlighted. Without that write permission all such
> operations will fail with error, that they can't save changes, that user
> have made.
>
>
>
>
>
> On Wed, Jan 20, 2010 at 4:40 AM, Dmitry A. <dandre...@gmail.com> wrote:
> > Hey guys,
>
> > I think we should give Permissions topic very serious though. I
> > believe we'll be better of without requiring before installation 777
> > (worldwide) permissions on themes/ folder in particular.
>
> > I came across this more and more that people forget to turn them off
> > and in some cases it can lead to a security issue.
>
> > What others think on this?
>
> > Thanks.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "In-Portal Bugs Team" group.
> > To post to this group, send email to in-port...@googlegroups.com.
> > To unsubscribe from this group, send email to

> > in-portal-bug...@googlegroups.com<in-portal-bugs%2Bunsubscribe@go oglegroups.com>

Alexander Obuhovich

unread,
Jan 20, 2010, 12:06:18 PM1/20/10
to in-port...@googlegroups.com
I'm ok with that as long as users will be happy with this solution.

To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.



Alexander Obuhovich

unread,
Mar 27, 2010, 6:38:22 PM3/27/10
to in-port...@googlegroups.com
Here is the task: http://tracker.in-portal.org/view.php?id=664
Reply all
Reply to author
Forward
0 new messages