Piwigo.org

-thh · 2012-06-23 12:16:31

Piwigo seems to create files in (subdirectories of) .../_data with 600 permissions, making them readable only for the owner.

That's a problem for me as PHP is running via suphp/suexec, so all files are created with an owner of "userx" and permissions "rw-------", making them inaccessible for the web server. Correct permissions would be "rw----rw-".

Could you make that configurable (and/or point me to the place in the code where those permissions are set)?

TIA,
-thh

plg · 2012-06-23 19:28:22

Hi -thh,

We'll investigate on the suExec/suPHP issue. What is your hosting provider?

-thh · 2012-06-23 21:04:53

plg wrote:
Hi -thh,

We'll investigate on the suExec/suPHP issue. What is your hosting provider?

Sorry, I was a bit sparse with details ... I'm hosting piwigo myself.

Piwigo version is 2.4.0 running on a Debian 6.0.5 (squeeze) box with Apache 2.2.16-6+squeeze7, PHP 5.3.3-7+squeeze13 and suphp 0.7.1-1.

umask of the user is set to 0022.

Regards,
-thh

plg · 2012-06-23 21:31:32

Very good, this is a configuration I can easily reproduce.

plg · 2012-06-24 13:16:50

Here is my test on a fresh installation of Piwigo 2.4 with suPHP:

Code:

plg@plg-VirtualBox:/var/www/plg/24/_data$ ll
total 20
drwxrwxrwx  5 plg      plg      4096 Jun 24 12:56 ./
drwxrwxr-x 15 plg      plg      4096 Jun 24 12:54 ../
drwxrwxrwx  2 www-data www-data 4096 Jun 24 12:57 combined/
-rw-r--r--  1 plg      plg         0 Jun 22 11:17 dummy.txt
drwxrwxrwx  3 www-data www-data 4096 Jun 24 12:56 i/
drwxrwxrwx  2 www-data www-data 4096 Jun 24 12:57 templates_c/

plg@plg-VirtualBox:/var/www/plg/24/_data$ umask
0002

It works fine, but I thought "combined" directory would be owned by "plg" and not by "www-data", maybe I did not configure suPHP correctly.

-thh · 2012-06-24 18:08:12

Thanks for your efforts!

plg wrote:

Here is my test on a fresh installation of Piwigo 2.4 with suPHP:

Code:

plg@plg-VirtualBox:/var/www/plg/24/_data$ ll
total 20
drwxrwxrwx  5 plg      plg      4096 Jun 24 12:56 ./
drwxrwxr-x 15 plg      plg      4096 Jun 24 12:54 ../
drwxrwxrwx  2 www-data www-data 4096 Jun 24 12:57 combined/
-rw-r--r--  1 plg      plg         0 Jun 22 11:17 dummy.txt
drwxrwxrwx  3 www-data www-data 4096 Jun 24 12:56 i/
drwxrwxrwx  2 www-data www-data 4096 Jun 24 12:57 templates_c/

plg@plg-VirtualBox:/var/www/plg/24/_data$ umask
0002

My problem is with files dynamically created in the combined/ and i/* directories, not with the directories itself. Did you try that, too?

First opening a new album:

All picture thumbnails but one (which is the album thumbnail) are not displayed; they are created "on the fly", but inaccessible to the webserver:

Code:

$ find . -perm 600              
./_data/i/galleries/snapshot/2001-winter/05-th.jpg
./_data/i/galleries/snapshot/2001-winter/01-th.jpg
./_data/i/galleries/snapshot/2001-winter/06-th.jpg
./_data/i/galleries/snapshot/2001-winter/03-th.jpg
./_data/i/galleries/snapshot/2001-winter/04-th.jpg

Fixing permissions:

Code:

$ find . -perm 600 -exec chmod 644 '{}' \;
$ find . -perm 600
$

Now all thumbnails are visible:

The same for any other picture (or CSS file).

plg · 2012-06-24 18:11:35

As I said, I made a fresh install and it works very well: cache is generated and readable by the webserver. But the owner of the generated files and directories is www-data, so of course it works, this is why I wonder if I configured suPHP the right way.

-thh · 2012-06-24 18:52:01

plg wrote:
As I said, I made a fresh install and it works very well: cache is generated and readable by the webserver.

And permissions of the cache files are 600?

I think that's the crucial point - it can't work with suPHP and permissions of 600 because all generated files will be owned by the user (thh, in my case), but have to be readable for the web server (www-data).

plg wrote:
But the owner of the generated files and directories is www-data, so of course it works, this is why I wonder if I configured suPHP the right way.

Ah, I see. I don't think you have a working suPHP installation, then. :)

I'm not sure you have to build one either - if you can confirm that cache files are created with rw------- permissions, that's enough to show that it can't work with suPHP.

I don't understand what that should be, though. With an umask of 0022, files should be created with rw-r--r-- permissions (644), not 600. Does piwigo force more restrictive permissions?

Could you point me to the function, class or include file with the code to generate cache files? Then I could have a look myself.

Regards,
-thh

Francois Guerraz · 2012-08-18 20:13:33

Hi,

I had the same problem, and I made this quick (and probably dirty) fix in the afternoon to make it compatible with suphp, I hope it will help.

Regards.

François

Code:

diff -Naur piwigo-orig/admin/include/functions_upload.inc.php piwigo/admin/include/functions_upload.inc.php
--- piwigo-orig/admin/include/functions_upload.inc.php  2012-05-07 15:44:28.000000000 +0200
+++ piwigo/admin/include/functions_upload.inc.php  2012-08-18 20:06:47.806019749 +0200
@@ -246,7 +246,7 @@
   {
     rename($source_filepath, $file_path);
   }
-
+  chmod($file_path, 0644);
   if (pwg_image::get_library() != 'gd')
   {
     if ($conf['original_resize'])
@@ -539,4 +539,4 @@
 
   return null;
 }
-?>
\ No newline at end of file
+?>
diff -Naur piwigo-orig/admin/include/image.class.php piwigo/admin/include/image.class.php
--- piwigo-orig/admin/include/image.class.php  2012-07-25 12:31:56.000000000 +0200
+++ piwigo/admin/include/image.class.php  2012-08-18 20:09:33.794021229 +0200
@@ -492,7 +492,9 @@
   {
     // use 4:2:2 chroma subsampling (reduce file size by 20-30% with "almost" no human perception)
     $this->image->setSamplingFactors( array(2,1) );
-    return $this->image->writeImage($destination_filepath);
+    $result = $this->image->writeImage($destination_filepath);
+    chmod($destination_filepath, 06444);
+    return $result;
   }
 }
 
@@ -818,4 +820,4 @@
   }
 }
 
-?>
\ No newline at end of file
+?>
diff -Naur piwigo-orig/include/template.class.php piwigo/include/template.class.php
--- piwigo-orig/include/template.class.php  2012-07-25 19:26:26.000000000 +0200
+++ piwigo/include/template.class.php  2012-08-18 20:07:49.346019725 +0200
@@ -1344,6 +1344,7 @@
     }
 
     file_put_contents( PHPWG_ROOT_PATH . $file,  $output );
+    chmod( PHPWG_ROOT_PATH . $file,  0644 );
     $out_file = $file;
     $out_version = false;
     $this->clear();
@@ -1407,4 +1408,4 @@
   }
 }
 
-?>
\ No newline at end of file
+?>

flop25 · 2012-08-18 21:26:54

Thx for the feedback
You soul d open a ticket in our bugtracker too, thx

Francois Guerraz · 2012-08-18 22:58:19

Bug open: http://piwigo.org/bugs/view.php?id=2725

rvelices · 2012-08-27 10:30:05

guys, I think you should update your umask parameter in suPHP config file from 0077 to 0022

Piwigo.org

Announcement

#1 2012-06-23 12:16:31

Files in _data/* created with wrong / unexpected permissions

#2 2012-06-23 19:28:22

Re: Files in _data/* created with wrong / unexpected permissions

#3 2012-06-23 21:04:53

Re: Files in _data/* created with wrong / unexpected permissions

plg wrote:

#4 2012-06-23 21:31:32

Re: Files in _data/* created with wrong / unexpected permissions

#5 2012-06-24 13:16:50

Re: Files in _data/* created with wrong / unexpected permissions

Code:

#6 2012-06-24 18:08:12

Re: Files in _data/* created with wrong / unexpected permissions

plg wrote:

Code:

Code:

Code:

#7 2012-06-24 18:11:35

Re: Files in _data/* created with wrong / unexpected permissions

#8 2012-06-24 18:52:01

Re: Files in _data/* created with wrong / unexpected permissions

plg wrote:

plg wrote:

#9 2012-08-18 20:13:33

Re: Files in _data/* created with wrong / unexpected permissions

Code:

#10 2012-08-18 21:26:54

Re: Files in _data/* created with wrong / unexpected permissions

#11 2012-08-18 22:58:19

Re: Files in _data/* created with wrong / unexpected permissions

#12 2012-08-27 10:30:05

Re: Files in _data/* created with wrong / unexpected permissions

Board footer