Summary: | mail/rainloop fails to set required permissions in data directory
---|---
Product: | Ports & Packages
Component: | Individual Port(s)
Reporter: | Palle Girgensohn <girgen>
Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs>
Status: | Closed FIXED
Severity: | Affects Only Me
CC: | loic.blot
Priority: | ---
Flags: | bugzilla: maintainer-feedback? (loic.blot)
Version: | Latest
Hardware: | Any
OS: | Any

Comment on attachment 186680
fix ownership of data directory and installed files

Hello,
thanks for your patch.
Is it possible to make EMPTY and VERSION owned by root?
Also, why is index.php written by www-data? This is a possible security problem.

Ah yes, you're right, they should all be owned by root. Just change to this?

+%%WWWDIR%%/data/EMPTY +%%WWWDIR%%/data/VERSION +%%WWWDIR%%/index.php +@owner %%WWWOWN%% +@group %%WWWGRP%% +@dir %%WWWDIR%%/data

Yes, please use this syntax :)

Excellent. I'll fix and commit.

A commit references this bug:

Author: girgen
Date: Mon Sep 25 16:21:23 UTC 2017
New revision: 450621
URL: https://svnweb.freebsd.org/changeset/ports/450621

Log:
Make sure we don't install program files as the web user

It is sufficient that the data directory is writable.

PR: 222572
Approved by: maintainer

Changes:
head/mail/rainloop/Makefile
head/mail/rainloop/pkg-plist
head/mail/rainloop-community/pkg-plist
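
Review bot: The `@owner %%WWWOWN%%` and `@group %%WWWGRP%%` lines ahead of `@dir %%WWWDIR%%/data` are never reset in the lines shown. In a pkg-plist these keywords stay in effect for every entry that follows, so anything listed after the `@dir` line would also be installed as the web user, which is what this change is meant to prevent. Close the block with bare `@owner` and `@group` lines after the `@dir`, or scope the ownership to that one entry with `@dir(%%WWWOWN%%,%%WWWGRP%%,) %%WWWDIR%%/data`.
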
Created attachment 186680
fix ownership of data directory and installed files

The two rainloop ports fail to set the required ownership on their data directory. The directory is created with ownership set to root. rainloop wants to write there as the web server user.

Also, it sets the owner of all the php program files to the web user, which is not necessary and could be a potential security problem.

The suggested patch modifies this behaviour. Is it OK to commit?

Palle
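
A check for the ownership layout this report settles on (program files not owned by the web user, only the data directory owned by it), added here as an example that is not part of the port or of this thread. The function names and arguments are assumptions; the caller supplies the expanded %%WWWDIR%% path (without a trailing slash) and the %%WWWOWN%% user.

```shell
#!/bin/sh
# Audit an installed web application tree for the layout discussed above.
# Hypothetical helper, not shipped with the port.
#   $1  application root (the expanded %%WWWDIR%%, no trailing slash)
#   $2  web server user name or numeric uid (the expanded %%WWWOWN%%)

# Print every path outside data/ that the web user owns.
# data/ is pruned because it is the one place the web user should own.
web_owned_program_files() {
    find "$1" -path "$1/data" -prune -o -user "$2" -print
}

# Succeed only if data/ exists and is itself owned by the web user.
# -prune keeps find from descending; only the directory entry is tested.
data_dir_owned_by_web_user() {
    [ -d "$1/data" ] || return 1
    [ -n "$(find "$1/data" -prune -user "$2" -print)" ]
}

# Return 0 when the layout is as intended, 1 otherwise.
# Findings are written to stdout, one problem class per block.
audit_wwwdir() {
    rc=0
    bad=$(web_owned_program_files "$1" "$2")
    if [ -n "$bad" ]; then
        printf 'owned by web user outside data/:\n%s\n' "$bad"
        rc=1
    fi
    if ! data_dir_owned_by_web_user "$1" "$2"; then
        printf 'data directory not owned by web user: %s/data\n' "$1"
        rc=1
    fi
    return $rc
}

# Run the audit when invoked as: script <wwwdir> <web user>
if [ "$#" -eq 2 ]; then
    audit_wwwdir "$1" "$2"
fi
```

Before the fix, the first check reports the PHP program files and the second reports the root-owned data directory; after it, both pass.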