mahara-contributors team mailing list archive

[François Marier <francois@xxxxxxxxxx>]

Public bug reported:

In htdocs/lib/config-defaults.php, we currently have the following:

  // directorypermissions - what permissions to use for files and directories in 
  // dataroot. The default allows only the web server user to read the data. If 
  // you're on shared hosting and might want to download the contents of your 
  // dataroot later (e.g. for backup purposes), set this to 0777. Otherwise, 
  // leave it as is!
  //$cfg->directorypermissions = 0700;

I don't see a reason for the 0777 recommendation. That should probably
be a 0755.

** Affects: mahara
     Importance: High
         Status: Triaged


** Tags: security

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/911538

Title:
  Dangerous advice for shared hosting in config-defaults.php

Status in Mahara ePortfolio:
  Triaged

Bug description:
  In htdocs/lib/config-defaults.php, we currently have the following:

    // directorypermissions - what permissions to use for files and directories in 
    // dataroot. The default allows only the web server user to read the data. If 
    // you're on shared hosting and might want to download the contents of your 
    // dataroot later (e.g. for backup purposes), set this to 0777. Otherwise, 
    // leave it as is!
    //$cfg->directorypermissions = 0700;

  I don't see a reason for the 0777 recommendation. That should probably
  be a 0755.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/911538/+subscriptions