search

trampgeek / jobe

jobe is a server that runs small programming jobs in a variety of programming languages
MIT License
112 stars 79 forks source link

Directory permission problems under umask 0007 #16

Closed kcleung closed 7 years ago

kcleung commented 7 years ago

The standard VM created by my institution has a default umask of 0007. As a result:

/var/www/html/jobe/system$ ls -lh total 12K drwxr-xr-- 2 root root 320 Apr 11 09:21 core drwxr-xr-- 3 root root 182 Apr 11 09:21 database drwxr-xr-- 2 root root 40 Apr 11 09:21 fonts drwxr-xr-- 2 root root 4.0K Apr 11 09:21 helpers -rw-r--r-- 1 root root 114 Apr 11 09:21 index.html drwxr-xr-- 3 root root 39 Apr 11 09:21 language drwxr-xr-- 4 root root 4.0K Apr 11 09:21 libraries

many directories are not readable by the user www-data after I run install.sh, thus rendering the jobe unusable.

So install.sh somehow needs to ensure all directories are world-executable

Also, when I check out jobe onto /var/www/html/jobe, this is the permission I get for the files inside:

:/var/www/html/jobe$ ls -lh total 220K drwxr-x--- 15 root root 232 Apr 11 09:34 application -rw-r----- 1 root root 1.5K Apr 11 09:34 checkcorsaccess.html -rw-r----- 1 root root 6.5K Apr 11 09:34 index.php -rwxr-x--- 1 root root 6.5K Apr 11 09:34 install -rw-r----- 1 root root 2.5K Apr 11 09:34 license.txt drwxr-x--- 3 root root 66 Apr 11 09:34 nbproject -rw-r----- 1 root root 21K Apr 11 09:34 README.md -rw-r----- 1 root root 44K Apr 11 09:34 restapi.odt -rw-r----- 1 root root 91K Apr 11 09:34 restapi.pdf drwxr-x--- 2 root root 97 Apr 11 09:34 runguard -rw-r----- 1 root root 4.4K Apr 11 09:34 simpletest.py drwxr-x--- 8 root root 130 Apr 11 09:34 system -rwxr-x--- 1 root root 25K Apr 11 09:34 testsubmit.py

I guess the install.sh also needs to fix this too. Should all files be world-readable, and all directories be world-executable?

trampgeek commented 7 years ago

I'm puzzled by this. The installer already includes the following three lines to set permissions:

        do_command('chgrp {} {}/*'.format(webserver_user, install_dir))
        do_command('chmod -R g+rX {}/*'.format(install_dir))
        do_command('chmod g+rwX {}/files'.format(install_dir))

where do_command is a function that executes shell commands. Clearly these commands haven't worked in your case. Could you double-check the install process to find out what failed, please?

kcleung commented 7 years ago

The problem is that the ownership of /var/www/html/jobe remains root:root, yet www-data is not in the root group, and jobe is not world-executable:

jobetest01:/var/www/html$ ls -lhd jobe drwxr-x--- 7 root root 274 May 20 16:40 jobe jobetest01:/var/www/html$

So we also need to explicitly set permission and/or group ownership of install_dir.

My pull request #19 will fix this issue, please pull.

trampgeek commented 7 years ago

Fixed in version 1.3.5+ (12 June)