marcantondahmen / automad

A flat-file content management system and template engine
https://automad.org
MIT License
664 stars 42 forks source link

Consider changing the default dir and file permissions and/or use of `umask` #55

Open michaellenaghan opened 2 years ago

michaellenaghan commented 2 years ago

There are two main approaches to giving the web server access to files. I'm not sure the details are relevant. What is, I think, is this. While trying them out, I kept losing control of the files Automad was creating.

I tracked it down to this:

        // PERMISSIONS
        self::set('AM_PERM_DIR', 0755);
        self::set('AM_PERM_FILE', 0644);

Automad is using too-restrictive permissions.

The good news — very good news! — is that I was able to change the defaults by adding them to my config.php. (One quirk: config.php uses JSON syntax, and JSON doesn't support octal notation; I had to convert the permissions to decimal. That feels... very strange.)

The odd thing is that Automad also sets the umask. I don't think that's right? I think the right thing is a) setting "maximum" permissions and then b) combining them with the user's umask. Without changing the user's umask. That way the user effectively chooses the permissions.

If you take a look at Symfony, you can see that they always use 0777 for directories and 0666 for files, so I think that's right. But if you like I can go looking for further (and more definitive) evidence.

michaellenaghan commented 2 years ago

Let me know if you'd like me to tackle this.

marcantondahmen commented 2 years ago

At moment the configured permissions are enforced by ignoring the umask and setting it temporarily to 0. But I understand it also somehow makes sense to respect the existing umask. I will take a look at it.

michaellenaghan commented 2 years ago

As with issue #54, I have to say that this is not about opinion, it's about the right and wrong way to do things.

I know that you don't know me, and that I don't have any authority in your eyes. That's why I keep taking the time to look at established PHP frameworks and products, why I keep including links to them.

At the start of this thread I gave you links that showed Symfony works in a way that's consistent with what I suggested.

This is the one and only place Kirby, another flat-file CMS, calls mkdir. Note there's no permissions. That makes sense to me, because the default for directories is 0777.

This is the one and only place Kirby writes files. Again, there's no permissions. That makes sense to me, because the default for files is 0666.

Unix systems work a certain way. They expect apps to work a certain way. You have to work in line with expectations.

Note that there are times where you should be more specific with permissions. For example, you might not want to create accounts.php with the default 0666 permissions. Again, though, you'd be thinking about the maximum reasonable permissions for that file, and you'd let the user's umask reduce that further.