Feng Forum

: Step 2, writeable, & security risks?
: editfish September 12, 2008, 01:01:34 AM
The system check during step 2 of the install went fairly well except for the note that /cache, /upload, /tmp were not writeable.  The install would not continue until I chmodded them all to 777.  How can I minimize the risk to the site through these world writeable directories?

Thanks!
: Re: Step 2, writeable, & security risks?
: cabeza September 12, 2008, 11:48:49 AM
Hi editfish,
You can chmod them to 755 ... everything should work that way (or else, please let us know).
Thanks,
Marcos
: Re: Step 2, writeable, & security risks?
: editfish September 12, 2008, 11:03:31 PM
Thanks, Marcos-

I'm much more comfortable with that.  Can I do the same for /public/files, or should it remain as 777?
: Re: Step 2, writeable, & security risks?
: cabeza September 13, 2008, 12:25:34 PM
Yes, you can.
: Re: Step 2, writeable, & security risks?
: editfish September 15, 2008, 12:32:16 AM
ERROR-

I chmodded /cache and /public/files to 755 as previously discussed, and things worked fine until I attempted to update user avatars (while logged in with full admin privileges):

---excerpt from log.php----------------------------------------------------------------------------

Session "default" started at 2008-09-15T03:15:43+0000
#1 ERROR: Error: imagepng() [<a href='function.imagepng'>function.imagepng</a>]: Unable to open '/home/tinwdub4/public_html/opengoo/cache/646b80e31398ecc22f64e5cc5c5502ad54893fba' for writing: Permission denied in '/home/tinwdub4/public_html/opengoo/library/simplegd/classes/SimpleGdImage.class.php' on line 183 (error code: 2)
#2 ERROR: Error: Undefined variable: public_filename in '/home/tinwdub4/public_html/opengoo/application/models/users/User.class.php' on line 561 (error code: 8)
#3 ERROR: Error: unlink(/home/tinwdub4/public_html/opengoo/cache/646b80e31398ecc22f64e5cc5c5502ad54893fba) [<a href='function.unlink'>function.unlink</a>]: No such file or directory in '/home/tinwdub4/public_html/opengoo/application/models/users/User.class.php' on line 564 (error code: 2)
Time since start: 0.11425113678 seconds
-------------------------------------------------------------------------------

Session "default" started at 2008-09-15T03:20:27+0000
#1 ERROR: Error: copy(/home/tinwdub4/public_html/opengoo/public/files/35afcc4bc940feeb1ad270ccfae49f348d28b04b.png) [<a href='function.copy'>function.copy</a>]: failed to open stream: Permission denied in '/home/tinwdub4/public_html/opengoo/application/models/PublicFiles.class.php' on line 39 (error code: 2)
Time since start: 0.184986829758 seconds
-------------------------------------------------------------------------------

After chmodding these two directories back to 777, the avatar update executed without a problem.

I'm not really comfortable leaving those directories world-writeable.  Why is a legitimate opengoo user (as included in the MySQL database) not permitted to write to this directory? 

Sorry for the idiocy.

: Re: Step 2, writeable, & security risks?
: cabeza September 15, 2008, 12:12:42 PM
FileSystem users are totally independent from OpenGoo users.
The truth is that they are used for different purposes. Integration between them could be desirable, but it is not implemented yet.
Marcos
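
Added example, not part of the original thread and not OpenGoo code: the "Permission denied" entries in the log above are consistent with PHP writing as the web server's OS account rather than as the directory owner, which is why 755 failed and 777 worked. The sketch below, with hypothetical function names and a numeric web server uid/gid that you supply, reports the least-permissive mode that account needs on a directory.

```shell
#!/bin/sh
# Added example (not OpenGoo code). PHP writes files as the web server's
# OS account, so directory modes are judged against that account's uid/gid.

# Succeeds if DIR has the "other" write bit set (as with mode 777).
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Print the least-permissive mode that lets the web server account
# (numeric uid $2, numeric gid $3) create files in directory $1.
least_mode_for() {
    _dir=$1 _uid=$2 _gid=$3
    # ls -n prints the numeric owner and group in fields 3 and 4.
    set -- $(ls -ldn "$_dir" | awk '{print $3, $4}')
    if [ "$_uid" = "$1" ]; then
        echo 755    # server owns the directory: owner write is enough
    elif [ "$_gid" = "$2" ]; then
        echo 775    # server shares the group: group write is enough
    else
        echo 777    # neither matches: only "other" write works, so
                    # changing the owner or group is the safer fix
    fi
}

# Usage: sh dirmodes.sh WEB_UID WEB_GID DIR...
# WEB_UID/WEB_GID are the numeric ids of the account PHP runs under
# (assumed known, e.g. from `id` run as that account).
if [ "$#" -ge 3 ]; then
    w_uid=$1 w_gid=$2
    shift 2
    for d in "$@"; do
        need=$(least_mode_for "$d" "$w_uid" "$w_gid")
        if is_world_writable "$d" && [ "$need" != 777 ]; then
            echo "$d: world-writable, but $need would suffice"
        else
            echo "$d: minimum workable mode is $need"
        fi
    done
fi
```

When the result is 777, changing the directory's owner or group to the web server account and then using 755 or 775 avoids the world-writable bit.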
: Re: Step 2, writeable, & security risks?
: editfish September 15, 2008, 10:56:41 PM
Gotcha.  Thanks for the clarification.  I was misunderstanding the level of integration of opengoo with the filesystem.
: Re: Step 2, writeable, & security risks?
: miguipda August 27, 2009, 04:26:15 AM
Hi,

Perfect, it works...

Have a nice day,

Miguipda ;-)