[dokuwiki] Re: dmode permissions and 2006-09-28 rc1
- From: chris <jugg@xxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Tue, 10 Oct 2006 13:05:33 -0700
Chris Smith wrote:
chris wrote:
Is anyone versed enough in php to understand what is going on here?
Might there be some php configuration directive that is messing with
this? Using: Apache/1.3.33 (Debian GNU/Linux) PHP/4.3.10-16
Hi ... before I posted last week, I checked using 02xxx and 04xxx dmode
permission in dokuwiki - both were set correctly on my install. At the
time I was running PHP5 as a module under apache2 on gentoo flavoured
linux. I am not too familiar with how these permissions should affect
the directory owner and group on creation, so can't say if the new
directory was created correctly.
Ok, sorry for the constant barrage of emails here in the last while. I
realized that I've kind of moved off topic from dokuwiki to file system
permissions. However, since this affects my use of dokuwiki, I hope it
is ok to continue this here. If not, let me know.
It all comes down to me not understanding (or rather not paying
attention to) the nature of how permissions are handled in this
environment. It has nothing to do with php. The same problem persists
on the command line (verified by 'su www-data' and executing the
relevant mkdir/chmod commands)
Here is my dokuwiki/data folder perms:
drwxrws--- dokuwiki/data www-data:devgrp
Purpose: I want to give www-data (apache/php) access to the data folder
to do its thing. However I also want to ensure my developer group for
the project retains group ownership and permissions to all
files/directories under the dokuwiki/data folder to maintain it as
necessary.
While in dokuwiki/data directory as the www-data user (umask of 0022):
-> mkdir newdir
drwxr-sr-x dokuwiki/data/newdir www-data:devgrp
# note, lack of 's' bit.
-> chmod 02770 newdir
drwxrwx--- dokuwiki/data/newdir www-data:devgrp
# note, lack of 's' bit.
-> mkdir -m 02770 newdir2
drwxrwx--- dokuwiki/data/newdir2 www-data:devgrp
# note, this sequence removes SGID bit, even though it wasn't
# directly touched.
-> mkdir newdir3
drwxr-sr-x dokuwiki/data/newdir3 www-data:devgrp
-> chmod o-rx newdir3
drwxr-s--- dokuwiki/data/newdir3 www-data:devgrp
-> chmod g+w newdir3
drwxrwx--- dokuwiki/data/newdir3 www-data:devgrp
# note, no change here
-> chmod g+s newdir3
drwxrwx--- dokuwiki/data/newdir3 www-data:devgrp
So, "chmod g+s newdir3" does -not- give me a normal error as it would as
a user who actually didn't have permissions, doing this from a user
account that didn't have ownership produces:
"chmod: changing permissions of `newdir3': Operation not permitted"
Where this leaves me, I'm not sure... Probably in taking a File
Permissions and Ownership 101 course. heh Every time I think I
understand it something else like this comes up.
Note, if www-data is added to the "devgrp" group, then it would be able
to set the SGID bit. However, that is no good, as I don't want it
having access to other non web related project files. Obviously a
solution for me is to create a "www-devgrp" group or some such, and add
the www-data user and the users in devgrp to the new group. Its just
annoying to keep adding more and new user groups for every single
service that I need to run and combine normal user accounts with.
Anyway, thanks for the input. I think at this point there isn't really
anything left to do on dokuwiki's side in regards to this issue. Thanks.
chris
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts: