Defect #27538

closed

Redmine installation documentation incorrectly suggests setting uploaded file permissions to 0755, making them executable for everybody

Added by cas dev over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Documentation
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Fixed
Affected version:

Description

The official Redmine installation documentation at https://www.redmine.org/projects/redmine/wiki/RedmineInstall#Step-8-File-system-permissions tells us to

chmod -R 755 files log tmp public/plugin_assets

to set up correct file system permissions.

However, this leads to all user-uploaded files getting 0755 file permissions, which makes them executable (for everybody).

You should rather suggest something like

find files log tmp public/plugin_assets -type d -exec chmod 775 {} +
find files log tmp public/plugin_assets -type f -exec chmod 664 {} +

instead.

Check and update of documentation is needed before the Redmine Docker image maintainers update their docker-entrypoint.sh accordingly, see https://github.com/docker-library/redmine/issues/94

Thanks for having a look at this!

Actions #1

Updated by Toshi MARUYAMA over 6 years ago

  • Status changed from New to Needs feedback
  • Priority changed from High to Normal

cas dev wrote:

However, this leads to all user-uploaded files getting 0755 file permissions, which makes them executable (for everybody).

Really? I think it depends on umask.

Actions #2

Updated by cas dev over 6 years ago

If we have no files at all when executing the mentioned chmod instruction, indeed it depends on the umask set.
That means, new files created after running that chmod instruction are never affected.

But as human users may change the permissions afterwards using your chmod instruction (e.g. after restoring from a backup), and in the official Redmine Docker image the docker-entrypoint.sh does that every time the container starts, I think using the mentioned chmod instruction is dangerous, as it also affects all existing files.

Actions #3

Updated by Toshi MARUYAMA over 6 years ago

  • Status changed from Needs feedback to Closed
  • Resolution set to Fixed

https://www.redmine.org/projects/redmine/wiki/RedmineInstall/diff?utf8=%E2%9C%93&version=284&version_from=283&commit=View+differences

Note: If you have files in these directories (e.g. restore files from backup), make sure these files are not executable.

sudo find files log tmp public/plugin_assets -type f -exec chmod -x {} +

Actions #4

Updated by cas dev over 6 years ago

Thanks for updating the docs!
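
The check and repair discussed in this thread, as an added example that is not part of the issue, the Redmine wiki or the Docker image: it lists regular files that carry any execute bit under the four directories from the install step, then resets them. The function names and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and repair the directories from the install step.
# Run against the Redmine root; the demo below uses a constructed tree.
REDMINE_DIRS="files log tmp public/plugin_assets"

# Print regular files under ROOT's data directories that have any
# execute bit set (owner, group or other).
list_executable_files() {
    for d in $REDMINE_DIRS; do
        [ -d "$1/$d" ] || continue
        find "$1/$d" -type f \
            \( -perm -100 -o -perm -010 -o -perm -001 \) -print
    done
}

count_executable_files() {
    list_executable_files "$1" | wc -l | tr -d ' '
}

# Directories stay traversable (755); files lose every execute bit.
# "a-x" is explicit; a bare "-x" is filtered through the umask.
fix_permissions() {
    for d in $REDMINE_DIRS; do
        [ -d "$1/$d" ] || continue
        find "$1/$d" -type d -exec chmod 755 {} +
        find "$1/$d" -type f -exec chmod a-x {} +
    done
}

# Constructed tree: simulate a restored backup followed by the
# recursive chmod, then repair it.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/files/2018/01" "$root/log" "$root/tmp" \
             "$root/public/plugin_assets"
    : > "$root/files/2018/01/upload.sh"      # constructed upload
    : > "$root/log/production.log"           # constructed log file
    (cd "$root" && chmod -R 755 $REDMINE_DIRS)
    before=$(count_executable_files "$root")
    fix_permissions "$root"
    after=$(count_executable_files "$root")
    rm -rf "$root"
    echo "before=$before after=$after"
}

demo
```

Running `list_executable_files` from a container entrypoint or a post-restore hook gives a quick regression check that no upload has regained an execute bit.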
