We offer only a single admin permission setting for folder and
file creation (actually 2). This may be too restrictive/permissive
for uploaded (public) files and patches/extensions/temp-files. In
some server scenarios, file/folder permissions can keep the system
from working (correctly) and it seems the only fix is to open up
the (group/world) permissions. In a perfect world/setup, all
files/folders within Exponent would be owned by the specific web
server user and only need to be accessible by the server. However,
audio (and video?) files can only be played if they are world
readable. A world read/write permission (777/666), though, would
cause a possible security issue because it would/might allow anyone
the opportunity to write/edit a file and then execute it (though
we already have some pretty strong anti-execution settings/code in
place).
- We may need 2 types of folder/file permissions (actually 4)
based on whether it's for an upload into the /files folder or
somewhere else in the system
- We need to ensure we are always setting the folder/file
permissions instead of the default of 0777 for mkdir()
- The intent would be to lock down the system (everything but the
/files folder) and to allow a little more (read-only) access to the
/files folder and its children, with a little more access (write)
to upload files
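
A sketch of the four-mode scheme described above, added here as an example and not taken from Exponent's code: the mode is chosen by location (/files tree or elsewhere) and always set explicitly, so neither the 0777 default of mkdir() nor the process umask decides the result. The names `PERM_PROFILES`, `perm_profile`, `make_dir` and `set_file_mode` and the four mode values are assumptions, as are POSIX paths and an existing `$base` install directory.

```php
<?php
// Added example, not Exponent's code. Names and mode values are assumptions.
const PERM_PROFILES = [
    'system' => ['dir' => 0750, 'file' => 0640], // web server user (and group read) only
    'files'  => ['dir' => 0755, 'file' => 0644], // world-readable, never world-writable
];

// Pick the profile from the location: the /files tree or anywhere else.
function perm_profile(string $path, string $base): string
{
    // Refuse ".." so a path cannot claim the looser /files profile by traversal.
    if (in_array('..', explode('/', $path), true)) {
        throw new InvalidArgumentException('path must not contain ".." segments');
    }
    $filesRoot = rtrim($base, '/') . '/files';
    $path = rtrim($path, '/');
    $inFiles = $path === $filesRoot || strpos($path, $filesRoot . '/') === 0;
    return $inFiles ? 'files' : 'system';
}

// Create a directory and any missing parents, each with an explicit mode.
function make_dir(string $path, string $base): void
{
    $mode = PERM_PROFILES[perm_profile($path, $base)]['dir'];
    $missing = [];
    for ($p = rtrim($path, '/'); $p !== '' && !is_dir($p); $p = dirname($p)) {
        $missing[] = $p;
    }
    foreach (array_reverse($missing) as $dir) {
        // mkdir() applies the process umask to $mode, so chmod() afterwards
        // to get exactly the intended bits on every level.
        if (!mkdir($dir, $mode) || !chmod($dir, $mode)) {
            throw new RuntimeException("cannot create $dir");
        }
    }
}

// Apply the file mode for a file's location after it has been written or uploaded.
function set_file_mode(string $file, string $base): void
{
    $mode = PERM_PROFILES[perm_profile($file, $base)]['file'];
    if (!chmod($file, $mode)) {
        throw new RuntimeException("cannot chmod $file");
    }
}
```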