invoiceninja / ui

Invoice Ninja: Web admin portal built with React
https://app.invoicing.co

Consider relaxing Filesystem permission check #1869

Open turbo124 opened 1 week ago

turbo124 commented 1 week ago

Discussed in https://github.com/invoiceninja/invoiceninja/discussions/9710

Originally posted by **gramakri** June 28, 2024

We got a few reports on the Cloudron forum regarding the healthcheck showing a warning about writable files. Indeed, on Cloudron, I get warnings like below:

![image](https://github.com/invoiceninja/invoiceninja/assets/82041/0ad8aa33-cae7-4fe2-8e6d-900fe0eb9cd5)

Looking closer, it seems https://invoiceninja.github.io/en/self-host-installation/#file-permissions recommends 0755 permission for source code and https://github.com/invoiceninja/invoiceninja/blob/d35613a6c57eff8bc4ab9088d6d79228fcf2b033/app/Utils/SystemHealth.php#L131 simply checks for all source code to be writable.

Can you consider relaxing this requirement or maybe even skipping this altogether with some env flag? When deployed via Docker, containers can be treated as throwaway components and as such the permissions are not really relevant. It's also not a good idea security-wise to have code writable.
turbo124 commented 1 week ago

@Civolilah this task is to hide the Permissions section of the healthcheck IF the healthcheck property is_docker === true
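
An added example, not part of the issue thread or of Invoice Ninja's code: the inverse of the check questioned in the quoted discussion, listing every entry in a source tree whose mode grants bits beyond the 0755 ceiling the self-host docs recommend. The function names and the sample tree are assumptions made for illustration; the tree is constructed and is not the project's real layout.

```python
import os
import stat
import tempfile

MAX_MODE = 0o755  # ceiling the issue quotes from the self-host documentation


def excess_permissions(root, max_mode=MAX_MODE):
    """Return {relative_path: octal_mode} for entries granting bits beyond max_mode."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning on Linux
            mode = stat.S_IMODE(st.st_mode) & 0o777
            if mode & ~max_mode:  # any bit set that the ceiling does not allow
                findings[os.path.relpath(path, root)] = oct(mode)
    return findings


def build_sample_tree():
    """Create a constructed sample tree (hypothetical names) and return its root."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    layout = {
        "app": 0o755,              # directory at the recommended mode
        "app/Health.php": 0o644,   # read-only for group and other
        "app/Loose.php": 0o666,    # group- and world-writable code
        "storage": 0o777,          # world-writable directory
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if rel.endswith(".php"):
            with open(path, "w") as fh:
                fh.write("<?php\n")
        else:
            os.mkdir(path)
        os.chmod(path, mode)  # chmod sets the exact mode, independent of umask
    return root


if __name__ == "__main__":
    for rel, mode in sorted(excess_permissions(build_sample_tree()).items()):
        print(f"{mode}  {rel}")
```

The audit reads mode bits rather than testing access as the current user, so the result is the same whether it runs as root inside a container or as an unprivileged account.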