Limit write permissions to data subdirectory #93

Open
opened 2018-10-25 12:35:42 +00:00 by matthijskooijman · 1 comment
matthijskooijman commented 2018-10-25 12:35:42 +00:00 (Migrated from github.com)

The instructions currently recommend write permissions to the entire hypha root directory. When installing from git, I believe (by now) only write permission to /data is really needed. When installing from a downloaded bundle, write permission to the entire directory is of course still needed.

The hypha.php script should probably make this distinction somehow and require only permissions that are really needed.

On a related note: The instructions should really not recommend doing a `chmod 777` except as a last resort. Giving permissions to the webserver is usually possible in a more limited way, though that does depend heavily on the hosting setup used.

matthijskooijman commented 2018-10-25 12:37:05 +00:00 (Migrated from github.com)

A related thing is that ideally, no files in `data/` should be tracked by git, so the entire `data/` directory can be chown'd to `www-data` or whatever user, while your normal user can still update git-tracked files normally. This is something to keep in mind when implementing the theme thing we had in mind.

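One way to check for and apply the narrower permissions discussed in this issue, as an added example that is not part of hypha or of the comments above. The function names and the `web_user` argument are hypothetical, and it assumes a git install where only `data/` has to be writable by the web server.

```shell
#!/bin/sh
# Added example, not hypha code. Assumes the git-install layout from the
# issue: everything the web server writes at runtime lives in ROOT/data.

# Print every world-writable file or directory outside ROOT/data.
# Symlinks are skipped because their own mode bits are not enforced.
audit_world_writable() {
    root=$1
    find "$root" -path "$root/data" -prune -o \
        ! -type l -perm -0002 -print
}

# Undo a blanket "chmod 777": drop world-write outside data/, then hand
# data/ to the web server account instead of leaving it open to everyone.
# web_user is a hypothetical argument (for example www-data); changing the
# owner to another account requires root.
restrict_to_data() {
    root=$1
    web_user=$2
    # Code and templates: nobody but the deploying user may modify them.
    find "$root" -path "$root/data" -prune -o \
        ! -type l -perm -0002 -exec chmod o-w {} +
    # Runtime data: owned and writable by the web server user only.
    chown -R "$web_user" "$root/data"
    chmod -R u+rwX,go-w "$root/data"
}

# Stand-alone use: "sh script.sh /path/to/hypha" lists offending paths.
if [ "$#" -ge 1 ]; then
    audit_world_writable "$1"
fi
```

An empty result from `audit_world_writable` means nothing outside `data/` is world-writable; group write access is not checked here.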
Reference
harmen/hypha#93