1) group writable perm is not actually needed
2) the check is still too much rigid, it checks against 770 and won't allow other permissions (www/ajax/storagecheck.php)
perms should be compared bitwise
If a customer wants 777 or some other permissions that allow world read access put a notice to the web ui that the permissions are insecure but allow it anyway.
antonsviridenko
commented
8 years ago
As discussed..
1) group writable perm is not actually needed 2) the check is still too much rigid, it checks against 770 and won't allow other permissions (www/ajax/storagecheck.php)
perms should be compared bitwise
If a customer wants 777 or some other permissions that allow world read access put a notice to the web ui that the permissions are insecure but allow it anyway.