You are here: Foswiki>Tasks Web>Item14640 (03 Mar 2018, GeorgeClark)Edit Attach

Item14640: Extension installer doesn't honor Store permissions masks

Priority: Normal
Current State: Confirmed
Released In: 2.1.7
Target Release: patch

Applies To: Engine
Component: Configure, FootNotePlugin
Branches:

Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark

The Extensions installer honors the MANIFEST permissions bits when they are present.

This requires sites on servers with restrictive permissions to use the CLI to fix up permissions after installation.

Ex: Site using Apache mod_suexec to change the user/group used with the CGI scripts.

Apache runs under user/group www-data:www-data
CGI scripts runs under cgiuser:cgiuser

In this situation, pub files either have to be world readable, or www-data needs to be in the cgiuser group. This can typically be controlled by setting the Configure parameters:

$Foswiki::cfg{Store}{overrideUmask} = $FALSE;
$Foswiki::cfg{Store}{dirPermission} = 0755;
$Foswiki::cfg{Store}{filePermission} = 0644;

However, Foswiki::Configure::Package honors the MANIFEST permissions, which can result in a broken site. While the check permissions wizard can detect the issue, fixing it requires shell access.

Issue detected after installation of FootNotePlugin:

data/System/FootNotePlugin.txt 0644 Plugin doc page
pub/System/FootNotePlugin/styles.css 0660
lib/Foswiki/Plugins/FootNotePlugin.pm 0444 Plugin Perl module

Apache was unable to serve the styles.css file, resulting in a 403 - Forbidden response.

-- GeorgeClark - 03 Mar 2018

ItemTemplate edit

Summary	Extension installer doesn't honor Store permissions masks
ReportedBy	GeorgeClark
Codebase	2.1.6, 2.1.5
SVN Range
AppliesTo	Engine
Component	Configure, FootNotePlugin
Priority	Normal
CurrentState	Confirmed
WaitingFor
Checkins
TargetRelease	patch
ReleasedIn	2.1.7
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release02x01Checkins
Release02x00Checkins
Release01x01Checkins