File permissions

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
File permissions
« on October 5th, 2011, 02:39 PM »
I'm curious to know what people think of this, because I have the feeling that I'm going to be seen as snobby for the approach I'm about to implement - if only because I value putting security and not-breaking-things above convenience.

We all know that file permissions on Unixish type systems can be problematic, and none more so than leaving things at 777, because on shared servers it's a pain, and on systems with suExec in place, it will actually cause system failure.

Now, because of my design structure, moving as much as possible outside of the standard tree, there's only a single place that requires permissions to be set in such a way as to allow for file changes (for the vast bulk of the time, and for the time file edits are actually needed, well, the same framework will be able to change them).

Here's the thing: I'm not planning on doing what SMF does, which is allow you to make all the folders and files writeable from Admin > Packages > File Permissions. I consider that quite dangerous, and have done for some time.

What I'm planning is that if the files are already writeable, for whatever reason, it'll just do what it has to do. (That means if you're crazy, or brave, or have suitable configuration, you can just get on with it. It also means that if you do change it, you're doing it manually, and all bets are off, we can't support you particularly effectively if you break it.)

When things aren't writeable, it'll prompt you for FTP (and hopefully, the option for SFTP details instead if possible) details, make the necessary changes, and here's the clever bit: it'll put them back again.

That means you're exposed to elevated permissions for a short period of time, rather than generically, and it should mean that even if files/folders are made 666/777 for writing purposes, that change is undone afterwards so things don't die in the suExec case.

The caveat is that you'll have to enter your FTP(/SFTP) details every time you add a plugin (or anything else), but frankly, to me that seems preferable to making it possible to 'brick' it on a very typical setup and have to fix it through FTP afterwards.

Is that an acceptable compromise for users, or would it be better to allow the current state of play? (Remember: if your configuration allows the PHP script to alter files naturally, e.g. on some Windows configurations, or everything's uploaded as the Apache user, or everything's at 666/777 anyway, you won't be prompted - but it's then on your own head anyway.)
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial
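A sketch of the check-elevate-write-restore step the post describes, added here as an example and not code from the original post or from SMF. It assumes a local `os.chmod` standing in for the FTP/SFTP chmod step (over ftplib that role would be a wrapper around `ftp.sendcmd("SITE CHMOD ...")`), and the function names are hypothetical; the point it shows is that the restore runs in a `finally`, so a failed write still puts the original mode back.

```python
import os
import stat
import tempfile

def write_with_temporary_permissions(path, action, chmod=os.chmod,
                                     is_writable=lambda p: os.access(p, os.W_OK),
                                     temp_mode=0o666):
    """Run action() on path, elevating permissions only if the script's own user
    (the web server user) cannot already write there. chmod(path, mode) is os.chmod
    here; over FTP the same role would be a wrapper around ftplib's
    ftp.sendcmd("SITE CHMOD 666 path") (assumed, not shown). Returns True if it
    had to elevate, which is worth recording in an admin log."""
    if is_writable(path):
        action()  # already writable: just do the work and touch nothing
        return False
    original = stat.S_IMODE(os.stat(path).st_mode)  # remember what to put back
    chmod(path, temp_mode)
    try:
        action()
    finally:
        chmod(path, original)  # restore even if the write failed: no 666 left behind
    return True

def demo(fail_write=False):
    """Constructed scenario: a plugin file the web user cannot write to (mode 0444)."""
    target = os.path.join(tempfile.mkdtemp(), "plugin.php")
    with open(target, "w") as f:
        f.write("<?php // original\n")
    os.chmod(target, 0o444)
    modes = []  # every mode the installer set, in order

    def recording_chmod(p, mode):
        os.chmod(p, mode)
        modes.append(mode)

    def write_update():
        if fail_write:
            raise IOError("simulated write failure")
        with open(target, "w") as f:
            f.write("<?php // updated by installer\n")

    try:  # is_writable forced False: the web user's view is what matters, not root's
        elevated = write_with_temporary_permissions(
            target, write_update, chmod=recording_chmod, is_writable=lambda p: False)
    except IOError:
        elevated = True
    with open(target) as f:
        content = f.read()
    return {"elevated": elevated, "modes": modes, "content": content,
            "final_mode": stat.S_IMODE(os.stat(target).st_mode)}
```

Calling `demo()` shows the mode going 0444 -> 0666 -> 0444 around a successful write; `demo(fail_write=True)` shows the same restore happening when the write raises.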

PantsManUK

  • PantsManUK would dearly love to dump SMF 1.X at this juncture...
  • Posts: 174
Re: File permissions
« Reply #1, on October 5th, 2011, 06:30 PM »
Personally, I don't mind having to type in a password every time I want to install a plugin if I gain a fistful of security for doing so. Wouldn't want to have to re-type all the FTP/SFTP details every time though.
« What is this thing you hoomans call "Facebook"? »

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: File permissions
« Reply #2, on October 5th, 2011, 06:47 PM »
Well, I could have it remember the port and username (as SMF can do) and you just type in the password.

PantsManUK

  • PantsManUK would dearly love to dump SMF 1.X at this juncture...
  • Posts: 174
Re: File permissions
« Reply #3, on October 6th, 2011, 10:32 AM »
A "Remember FTP details (not password)" flag would be more than acceptable :)
