Pages: 1
Piwigo seems to create files in (subdirectories of) .../_data with 600 permissions, making them readable only for the owner.
That's a problem for me as PHP is running via suphp/suexec, so all files are created with an owner of "userx" and permissions "rw-------", making them inaccessible for the web server. Correct permissions would be "rw----rw-".
Could you make that configurable (and/or point me to the place in the code where those permissions are set)?
TIA,
-thh
Hi -thh,
We'll investigate on the suExec/suPHP issue. What is your hosting provider?
Offline
plg wrote:
Hi -thh,
We'll investigate on the suExec/suPHP issue. What is your hosting provider?
Sorry, I was a bit sparse with details ... I'm hosting piwigo myself.
Piwigo version is 2.4.0 running on a Debian 6.0.5 (squeeze) box with Apache 2.2.16-6+squeeze7, PHP 5.3.3-7+squeeze13 and suphp 0.7.1-1.
umask of the user is set to 0022.
Regards,
-thh
Very good, this is a configuration I can easily reproduce.
Offline
Here is my test on a fresh installation of Piwigo 2.4 with suPHP:
plg@plg-VirtualBox:/var/www/plg/24/_data$ ll total 20 drwxrwxrwx 5 plg plg 4096 Jun 24 12:56 ./ drwxrwxr-x 15 plg plg 4096 Jun 24 12:54 ../ drwxrwxrwx 2 www-data www-data 4096 Jun 24 12:57 combined/ -rw-r--r-- 1 plg plg 0 Jun 22 11:17 dummy.txt drwxrwxrwx 3 www-data www-data 4096 Jun 24 12:56 i/ drwxrwxrwx 2 www-data www-data 4096 Jun 24 12:57 templates_c/ plg@plg-VirtualBox:/var/www/plg/24/_data$ umask 0002
It works fine, but I thought "combined" directory would be owned by "plg" and not by "www-data", maybe I did not configure suPHP correctly.
Offline
Thanks for your efforts!
plg wrote:
Here is my test on a fresh installation of Piwigo 2.4 with suPHP:
Code:
plg@plg-VirtualBox:/var/www/plg/24/_data$ ll total 20 drwxrwxrwx 5 plg plg 4096 Jun 24 12:56 ./ drwxrwxr-x 15 plg plg 4096 Jun 24 12:54 ../ drwxrwxrwx 2 www-data www-data 4096 Jun 24 12:57 combined/ -rw-r--r-- 1 plg plg 0 Jun 22 11:17 dummy.txt drwxrwxrwx 3 www-data www-data 4096 Jun 24 12:56 i/ drwxrwxrwx 2 www-data www-data 4096 Jun 24 12:57 templates_c/ plg@plg-VirtualBox:/var/www/plg/24/_data$ umask 0002
My problem is with files dynamically created in the combined/ and i/* directories, not with the directories itself. Did you try that, too?
First opening a new album:
All picture thumbnails but one (which is the album thumbnail) are not displayed; they are created "on the fly", but inaccessible to the webserver:
$ find . -perm 600 ./_data/i/galleries/snapshot/2001-winter/05-th.jpg ./_data/i/galleries/snapshot/2001-winter/01-th.jpg ./_data/i/galleries/snapshot/2001-winter/06-th.jpg ./_data/i/galleries/snapshot/2001-winter/03-th.jpg ./_data/i/galleries/snapshot/2001-winter/04-th.jpg
Fixing permissions:
$ find . -perm 600 -exec chmod 644 '{}' \; $ find . -perm 600 $
Now all thumbnails are visible:
The same for any other picture (or CSS file).
As I said, I made a fresh install and it works very well: cache is generated and readable by the webserver. But the owner of the generated files and directories is www-data, so of course it works, this is why I wonder if I configured suPHP the right way.
Offline
plg wrote:
As I said, I made a fresh install and it works very well: cache is generated and readable by the webserver.
And permissions of the cache files are 600?
I think that's the crucial point - it can't work with suPHP and permissions of 600 because all generated files will be owned by the user (thh, in my case), but have to be readable for the web server (www-data).
plg wrote:
But the owner of the generated files and directories is www-data, so of course it works, this is why I wonder if I configured suPHP the right way.
Ah, I see. I don't think you have a working suPHP installation, then. :)
I'm not sure you have to build one either - if you can confirm that cache files are created with rw------- permissions, that's enough to show that it can't work with suPHP.
I don't understand what that should be, though. With an umask of 0022, files should be created with rw-r--r-- permissions (644), not 600. Does piwigo force more restrictive permissions?
Could you point me to the function, class or include file with the code to generate cache files? Then I could have a look myself.
Regards,
-thh
Hi,
I had the same problem, and I made this quick (and probably dirty) fix in the afternoon to make it compatible with suphp, I hope it will help.
Regards.
François
diff -Naur piwigo-orig/admin/include/functions_upload.inc.php piwigo/admin/include/functions_upload.inc.php --- piwigo-orig/admin/include/functions_upload.inc.php 2012-05-07 15:44:28.000000000 +0200 +++ piwigo/admin/include/functions_upload.inc.php 2012-08-18 20:06:47.806019749 +0200 @@ -246,7 +246,7 @@ { rename($source_filepath, $file_path); } - + chmod($file_path, 0644); if (pwg_image::get_library() != 'gd') { if ($conf['original_resize']) @@ -539,4 +539,4 @@ return null; } -?> \ No newline at end of file +?> diff -Naur piwigo-orig/admin/include/image.class.php piwigo/admin/include/image.class.php --- piwigo-orig/admin/include/image.class.php 2012-07-25 12:31:56.000000000 +0200 +++ piwigo/admin/include/image.class.php 2012-08-18 20:09:33.794021229 +0200 @@ -492,7 +492,9 @@ { // use 4:2:2 chroma subsampling (reduce file size by 20-30% with "almost" no human perception) $this->image->setSamplingFactors( array(2,1) ); - return $this->image->writeImage($destination_filepath); + $result = $this->image->writeImage($destination_filepath); + chmod($destination_filepath, 06444); + return $result; } } @@ -818,4 +820,4 @@ } } -?> \ No newline at end of file +?> diff -Naur piwigo-orig/include/template.class.php piwigo/include/template.class.php --- piwigo-orig/include/template.class.php 2012-07-25 19:26:26.000000000 +0200 +++ piwigo/include/template.class.php 2012-08-18 20:07:49.346019725 +0200 @@ -1344,6 +1344,7 @@ } file_put_contents( PHPWG_ROOT_PATH . $file, $output ); + chmod( PHPWG_ROOT_PATH . $file, 0644 ); $out_file = $file; $out_version = false; $this->clear(); @@ -1407,4 +1408,4 @@ } } -?> \ No newline at end of file +?>
Thx for the feedback
You soul d open a ticket in our bugtracker too, thx
Offline
Bug open: http://piwigo.org/bugs/view.php?id=2725
guys, I think you should update your umask parameter in suPHP config file from 0077 to 0022
Offline
Pages: 1