[dokuwiki] Re: dmode permissions and 2006-09-28 rc1

  • From: chris <jugg@xxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Tue, 10 Oct 2006 13:05:33 -0700

Chris Smith wrote:

chris wrote:


Is anyone versed enough in php to understand what is going on here? Might there be some php configuration directive that is messing with this? Using: Apache/1.3.33 (Debian GNU/Linux) PHP/4.3.10-16

Hi ... before I posted last week, I checked using 02xxx and 04xxx dmode permission in dokuwiki - both were set correctly on my install. At the time I was running PHP5 as a module under apache2 on gentoo flavoured linux. I am not too familiar with how these permissions should affect the directory owner and group on creation, so can't say if the new directory was created correctly.

Ok, sorry for the constant barrage of emails here in the last while. I realized that I've kind of moved off topic from dokuwiki to file system permissions. However, since this affects my use of dokuwiki, I hope it is ok to continue this here. If not, let me know.


It all comes down to me not understanding (or rather not paying attention to) the nature of how permissions are handled in this environment. It has nothing to do with php. The same problem persists on the command line (verified by 'su www-data' and executing the relevant mkdir/chmod commands).

Here is my dokuwiki/data folder perms:

drwxrws---   dokuwiki/data   www-data:devgrp

Purpose: I want to give www-data (apache/php) access to the data folder to do its thing. However I also want to ensure my developer group for the project retains group ownership and permissions to all files/directories under the dokuwiki/data folder to maintain it as necessary.

While in dokuwiki/data directory as the www-data user (umask of 0022):

-> mkdir newdir
drwxr-sr-x   dokuwiki/data/newdir   www-data:devgrp

# note, lack of 's' bit.
-> chmod 02770 newdir
drwxrwx---   dokuwiki/data/newdir   www-data:devgrp

# note, lack of 's' bit.
-> mkdir -m 02770 newdir2
drwxrwx---   dokuwiki/data/newdir2   www-data:devgrp

# note, this sequence removes SGID bit, even though it wasn't
# directly touched.
-> mkdir newdir3
drwxr-sr-x   dokuwiki/data/newdir3   www-data:devgrp

-> chmod o-rx newdir3
drwxr-s---   dokuwiki/data/newdir3   www-data:devgrp

-> chmod g+w newdir3
drwxrwx---   dokuwiki/data/newdir3   www-data:devgrp

# note, no change here
-> chmod g+s newdir3
drwxrwx---   dokuwiki/data/newdir3   www-data:devgrp

So, "chmod g+s newdir3" does -not- give me a normal error as it would as a user who actually didn't have permissions; doing this from a user account that didn't have ownership produces:

"chmod: changing permissions of `newdir3': Operation not permitted"

Where this leaves me, I'm not sure... Probably in taking a File Permissions and Ownership 101 course, heh. Every time I think I understand it, something else like this comes up.

Note, if www-data is added to the "devgrp" group, then it would be able to set the SGID bit. However, that is no good, as I don't want it having access to other non-web-related project files. Obviously a solution for me is to create a "www-devgrp" group or some such, and add the www-data user and the users in devgrp to the new group. It's just annoying to keep adding more and new user groups for every single service that I need to run and combine normal user accounts with.

Anyway, thanks for the input. I think at this point there isn't really anything left to do on dokuwiki's side in regards to this issue. Thanks.

chris

--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
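
The session in the message above matches the Linux/POSIX chmod rule: when the caller is unprivileged and not a member of the directory's group, chmod clears the SGID bit and still exits 0. The following is an added example, not part of the original post; the function names are hypothetical and euid 0 is assumed to stand in for the CAP_FSETID capability. It predicts the outcome from the caller's groups and verifies the bit after chmod:

```shell
#!/bin/sh
# Added example: predict and verify whether chmod keeps the SGID bit.

# can_keep_sgid FILE_GID EUID [GID...]
# chmod silently clears S_ISGID when the caller is neither privileged nor
# a member of the file's group. Assumption: euid 0 stands in for
# CAP_FSETID, which is an approximation.
can_keep_sgid() {
    file_gid=$1; euid=$2; shift 2
    [ "$euid" -eq 0 ] && return 0
    for g in "$@"; do
        [ "$g" -eq "$file_gid" ] && return 0
    done
    return 1
}

# chmod_sgid_checked MODE DIR
# Runs chmod, then confirms the SGID bit is really present, because chmod
# exits 0 even when the kernel dropped the bit.
chmod_sgid_checked() {
    chmod "$1" "$2" || return 2
    if [ -g "$2" ]; then
        return 0
    fi
    echo "SGID bit silently dropped on $2 (caller not in its group?)" >&2
    return 1
}

# Demo on a constructed scratch directory owned by the current user and
# the current user's primary group.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/newdir"
dir_gid=$(id -g)
chgrp "$dir_gid" "$demo_dir/newdir"
if can_keep_sgid "$dir_gid" "$(id -u)" $(id -G); then
    echo "prediction: chmod 02770 keeps the SGID bit"
else
    echo "prediction: chmod 02770 drops the SGID bit"
fi
if chmod_sgid_checked 02770 "$demo_dir/newdir"; then
    echo "verified: SGID bit set"
fi
rm -rf "$demo_dir"
```

For the setup in the message, the prediction would be made with the gid of devgrp as FILE_GID and the uid and group list of www-data as the remaining arguments.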