Open dooblem opened 6 years ago
@dooblem, thank you for your report. We've created internal ticket(s) MAGETWO-86558 to track progress on the issue.
@dooblem, thank you for your report. We've acknowledged the issue and added to our backlog.
Hi @engcom-Alfa. Thank you for working on this issue. Looks like this issue is already verified and confirmed. But if you want to validate it one more time, please, go though the following instruction:
[ ] 1. Add/Edit Component: XXXXX
label(s) to the ticket, indicating the components it may be related to.
[ ] 2. Verify that the issue is reproducible on 2.4-develop
branchDetails
- Add the comment @magento give me 2.4-develop instance
to deploy test instance on Magento infrastructure.
- If the issue is reproducible on 2.4-develop
branch, please, add the label Reproduced on 2.4.x
.
- If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!
[ ] 3. If the issue is not relevant or is not reproducible any more, feel free to close it.
Thanks for opening this issue!
Thanks for opening this issue!
@engcom-Alfa Thank you for verifying the issue.
Unfortunately, not enough information was provided to acknowledge ticket. Please consider adding the following:
"Component: "
label(s) to this ticket based on verification result. If uncertain, you may follow the best guessOnce all required information is added, please add label "Issue: Confirmed"
again.
Thanks!
:white_check_mark: Confirmed by @engcom-Alfa
Thank you for verifying the issue. Based on the provided information internal tickets MC-31120
were created
Issue Available: @engcom-Alfa, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.
Hi @engcom-Alfa. Thank you for working on this issue. Looks like this issue is already verified and confirmed. But if you want to validate it one more time, please, go though the following instruction:
Component: XXXXX
label(s) to the ticket, indicating the components it may be related to.2.4-develop
branch@magento give me 2.4-develop instance
to deploy test instance on Magento infrastructure. 2.4-develop
branch, please, add the label Reproduced on 2.4.x
.Hi @dooblem .
Thank you for your contribution and collaboration!
Unfortunately, we are not able to reproduce this issue on a fresh 2.4-develop.
Manual testing scenario:
find -perm -o+w -not -type l
Actual Result: :heavy_check_mark: The following command in the project returns no result
Run in console: find -perm -o+w -not -type l | wc -l
Actual Result: :heavy_check_mark: 0 found
So, we have to close it.
Please feel free to comment, reopen or create new ticket according to the Issue reporting guidelines
if you are still facing this issue on the latest 2.4-develop
branch. Thank you for collaboration.
hello @engcom-Alfa
Just to be sure, are you sure your test is good ?
In order to reproduce, you have to get the magento modules via composer. My understanding is that if you run the composer install from the magento development tree, it will not get magento modules as they are already in the source tree.
I was not able to reproduce with a composer create project for magento v2.4.1. I was not able to test with 2.4-develop branch because those modules are not available in the composer public repository.
Thanks in advance, Marc
Some permissions are still wrong with a create project for magento v2.4.3.
This is a security issue.
ubuntu@mage2-demo2:~$ composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition /tmp/myproject
Creating a "magento/project-community-edition" project at "/tmp/myproject"
Installing magento/project-community-edition (2.4.3)
- Installing magento/project-community-edition (2.4.3): Downloading (100%)
Created project in /tmp/myproject
Loading composer repositories with package information
Warning from https://repo.packagist.org: Support for Composer 1 is deprecated and some packages will not be available. You should upgrade to Composer 2. See https://blog.packagist.com/deprecating-composer-1-support/
Updating dependencies (including require-dev)
Package operations: 591 installs, 0 updates, 0 removals
- Installing laminas/laminas-dependency-plugin (2.2.0): Downloading (100%)
- Installing symfony/polyfill-php80 (v1.23.1): Downloading (100%)
- Installing symfony/polyfill-mbstring (v1.23.1): Downloading (100%)
- Installing symfony/polyfill-intl-normalizer (v1.23.0): Downloading (100%)
.....
.....
Writing lock file
Generating autoload files
118 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
PHP CodeSniffer Config installed_paths set to ../../magento/magento-coding-standard,../../phpcompatibility/php-compatibility
ubuntu@mage2-demo2:~$ ls -l /tmp/myproject/vendor/magento/module-inventory-catalog/registration.php
-rw-rw-rw- 1 ubuntu ubuntu 298 Jul 13 12:38 /tmp/myproject/vendor/magento/module-inventory-catalog/registration.php
reopen this issue due to the last two comments
@engcom-Alfa Could you please re-check it one more time considering new comments?
Hi @engcom-Delta. Thank you for working on this issue. In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:
[ ] 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).Details
If the issue has a valid description, the label Issue: Format is valid
will be added to the issue automatically. Please, edit issue description if needed, until label Issue: Format is valid
appears.
[ ] 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add Issue: Clear Description
label to the issue by yourself.
[ ] 3. Add Component: XXXXX
label(s) to the ticket, indicating the components it may be related to.
[ ] 4. Verify that the issue is reproducible on 2.4-develop
branchDetails
- Add the comment @magento give me 2.4-develop instance
to deploy test instance on Magento infrastructure.
- If the issue is reproducible on 2.4-develop
branch, please, add the label Reproduced on 2.4.x
.
- If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!
[ ] 5. Add label Issue: Confirmed
once verification is complete.
[ ] 6. Make sure that automatic system confirms that report has been added to the backlog.
Hi @dooblem, Thank you for the update , We tried to reproduce the issue on magento 2.4 develop instance.Issue is reproducible. We got the results when we run the command "find -perm -o+w -not -type l | wc -l".
Please find the attached screenshot for reference.
:white_check_mark: Jira issue https://jira.corp.magento.com/browse/AC-5898 is successfully created for this GitHub issue.
:white_check_mark: Confirmed by @engcom-Delta. Thank you for verifying the issue.
Issue Available: @engcom-Delta, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.
I believe that there is a problem with the permissions set by many modules. I checked some of our productions platform this morning and they all have this permission problem.
And setting the permissions with the find command as documented will only fix the group permissions, not the permissions for other users.
Preconditions
Steps to reproduce
Expected result
Actual result
Sample file with wrong permissions: -rw-rw-rw- 1 x2i www-data 1370 Feb 4 10:28 vendor/magento/magento2-base/index.php
Sample file with good permissions: -rw-r--r-- 1 x2i www-data 2378 Feb 4 2020 .vendor/magento/zendframework1/library/Zend/Date/DateObject.php